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ABSTRACT ese 


Modern Department of Defense C*I systems utilize high speed commercial computer 
networks, composed of commercial equipment and connectivity. The United States Special 
Operations Command (USSOCOM’s) SCAMPI (not an acronym) Network was a fore runner 
of this trend. Industry uses the same type of circuits but approaches the network 
management of these circuits from a financial interest versus the military strategic and 
tactical aspects considered by the service user. This thesis analyzes this representative 
network in the context of industry network management and metrics practices. The thesis 
first surveys and explains the industry practices most prevalent in this changing 
environment and then examines the practices in place at USSOCOM. The compilation of 
industry wide network management and metrics procedures is followed by a series of 
solution recommendations for the SCAMPI network. These recommendations are explained 
in the context of current industry practices. This is followed by a series of emerging 
industry trends and technical developments which most likely will affect the implementation 
of network management and metrics tools. These developments are followed by a 
comprehensive industry definitions section, network bibliography, and a hypertext link 


guide to current military, industry and educational institutions networking solutions. 
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EXECUTIVE SUMMARY 


Modem C‘I networks utilized by the military are increasingly composed of commercial 
equipment and commercial connectivity. The number of users on most computer networks is growing 
exponentially. The number of hubs in each network is expanding geometrically. Within this explosive 
growth is the inherent problem of managing and measuring these expensive assets. Commercial 
networks are monitored and measured to meet corporate costing goals and guidelines. The DoD 
networks do not deliver a bill directly to each user, but seek to increase reliability, service quality and 
other variables. 

This thesis is a case study of the network management and metrics measurement program of 
the United States Special Operations Command’s (USSOCOM) SCAMPI (Not an Acronym) Network. 
SCAMPI is the principal C4I network for special operations forces. It covers the continental United 
States and Hawaii, and has deployable nodes in overseas locations. It was at the time of 
implementation a leading edge C4I network composed of optical fiber links and high speed hub 
switching equipment. It also had a later installation of a Network Operations Center (NOC) that 
conducts the network management and metrics measurements for the network. This center known as 
the Systems Resource Center (SRC), also serves in the classical trouble desk mode for all Automatic 
Data Processing (ADP) related problems. The SCAMPI system remains a robust and fully functional 
network. This thesis seeks to ensure that the network management and metrics program is proactive 
and allows constant improvements in service to the special operations community. 

The thesis begins with an introduction to the SCAMPI network. This serves to acquaint any 
readers outside of the USSOCOM community with the fundamental network aspects that are addressed 


- 


in the study. The next chapter serves as a network management summarization from many industry 


X1X 


sources. The area of network management is constantly changing, its standards are fluid, and the 
obsolescence cycle found in the computer industry is amplified by the change in all levels of computer 
network structure. 

This thesis also seeks to consolidate the fundamentals of network monitoring, metrics 
collection, configuration control, maintenance, restoration, and accounting. This is done by the use of 
tables that provide more of a checklist approach to the task of ascertaining the merits of a planned 
acquisition or improvement. This also provides an overview of the primary elements found in most 
vendors Network Management Systems (NMSs). These sections are provided to enhance the 
understanding of later recommendations and solutions. The SCAMPI system is analyzed in the context 
of what network management and metrics functionality 1s present and utilized. The system is presented 
in terms of industry-wide terminology and practices. 

A chapter is dedicated to the analysis of current NMS/metrics measurement limitations. Six 
problem areas are offered, each with an accompanying solution. The problems and solutions draw 
from the understanding of the previous industry fundamentals chapters. The implementation of these 
solutions all seek to increase the proactive role of the SRC in providing enhanced service to the user. 

Following the recommendations chapter is a chapter on industry trends and practices that most 
probably will have an impact on the future of network management. These areas of potential 
complications to the network management problem are explained in the context of the technology and 
the possible benefits to the network manager/user. 

In the interest of providing a single source document for the network manager/engineer/user 
several appendixes are provided with network management references and bibliographies. A glossary 


of networking terminology is included. A summary of hypertext documents that can be found on the 


XX 


Internet in network management and metrics related areas is provided. 
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I. INTRODUCTION 


AS MODERN NETWORK MANAGEMENT ISSUES AND CONCEPTS 

1. Network Management and Metrics Principles 

According to a Forrester Research study, the average 5,000 user corporate network costs 
more than $6.4 million per year to support. The increasing reliance on computer networks 
creates an accompanying rising support and management cost. This reliance also creates costs 
when a company faces a downtime on the network. Industry averages show this cost to be 
approximately $62,500 per hour of potential lost revenue. [REF 1] 

Network monitoring has evolved from the tools and techniques that helped manage 
Local Area Networks (LAN’s) to the large scale Network Operations Centers (NOC’s) that can 
oversee thousands of nodes. Within this evolution, there have been many obstacles to the 
network administrators. Topologies of networks change rapidly due to the exponential growth 
of computer networks in the work place. Reliance on numerous manufacturers of computer 
network equipment to produce compatible equipment, while the standards of networking are 
constantly changing, has caused many difficulties. 

The C’‘l for the Warrior (C4IFTW) concept that currently guides the military’s adoption 
of information technologies integrates commercial and military networks, and a mixture of 
system components to achieve connectivity. The provision of vastly increased access to 
information at all echelons is made possible by the use of modern high speed computer 
networks. This overarching doctrine has placed the procurement and deployment of computer 


networks into the mainstream of industry driven standards and procedures. [Ref. 2] The DoD 


no longer sets its own unique standards and drives the market by volume purchases. 

The interoperability, capacity, cost, security, and availability issues must constantly 
be addressed in all phases of a network’s lifespan. In the design phases, acquisition and initial 
production, the issues of network management are usually secondary to the cost, capacity and 
production factors. Once a moder network is operational, the issues of network management 
and measurement of system resources through a dedicated metrics program becomes a higher 
priority. The establishment and management of such a program require the understanding of 
the interaction of the technological aspects of the network, the user requirements and the 
capabilities and limitations of a management system. 

Once a network is operational, its status does not remain fixed. The normal growth 
curve of users in modern computer networks has been exponential. The bandwidth allocated 
to these users is usually a limited commodity and must be analyzed in the context of usage and 
future growth. 

Network monitoring and management is difficult. Numerous variables and factors must 
be considered in the management plan. Differences in protocols, hardware variability and 
interoperability, incompatible operating systems, bandwidth allocations, and security 
requirements force a network manager to tailor plans that while operational today can be 
essentially dis-functional with any new additions or technology changes. 

pan Fiscal Responsibilities of Network Management 

The fiscal responsibility incumbent upon today’s modem military manager requires the 
most effective use of resources balanced against military necessity. Network management 


systems allow the planning, measurement and monitoring of expensive network resources. The 


predominance of commercial circuits that have a monthly lease fee based on bandwidth and 
service guarantees necessitates monitoring. The measurement of usage and performance to 
insure the service customer is getting what was paid for, and to wisely determine future 
requirements necessitates a usable and responsive metrics program. 

A network in operation is a dynamic and chaotic process. The measurement of many 
diverse parameters are necessary to get a full picture of the state of the network. An example: 
Measurement of simple bandwidth allocations to individual users will only reflect problems 
when the users approach full capacity of their allocation. Unless a network is analyzed to see 
who and what is producing the flow of traffic and how it is managed and transported in terms 
of the dynamics of the network, much of the future growth indicators can be missed. Trend 
analysis and traffic studies give a good historical perspective, but reflect only the past usage of 
the network. Networks that are constantly growing, subject to rapid ramp-ups of activity in 
crisis situations, and not adequately monitored face potential complications. 

A network consists of many dissimilar and technologically complex parts. The 
interaction of complex switching mechanisms and high speed conduits strives for a seamless 
and transparent system for the user. If a malfunction does occur, the priority on rerouting, 
and/or circuit restoration is high. The cost of impeded informational flow, while hard to 
directly account for in dollar amounts, is a serious cost to modern organizations. The ability 
of a network management system to alleviate any system outages increases the efficiency and 
value of the network. The further down into a network an automated system can detect and 
help repair assets the more cost savings can be achieved. Pro-active measures can often detect 


and repair network slowdowns or outages prior to customer notice. 


3: Requirements for Modern Technology Concepts 

Computer network management techniques have evolved with the explosive growth and 
proliferation of networks. The orginal equipment for network management was vendor 
specific and addressed the maintenance and management of a single or set of similar pieces of 
network equipment. The original LAN monitoring devices, capable of monitoring small scale 
operations within a segment of a network have grown to systems that can monitor devices on 
a world wide scale. The ability of a device to determine the status and operational capability 
of any of a multitude of network components has required years of industry attempts at 
standardization, compatibility and internetworking protocols. This evolutionary effort is still 
in an early stage. The industry is still maturing and with every new technological achievement, 
the obsolescence of existing standards is not only possible, but probable. 

The “ever - elusive” state of the art in network management and metrics measurement 
requires the use of several modern computer technology concepts. These concepts include 
standardized and specialized network management protocols, and agent programs residing in 
managed network elements to perform delegated remote tasks. In addition the formal 
techniques of hierarchical naming and syntactical definition of communicated variables allow 
structured management functionality to exist at all network levels. 

B. OBJECTIVE OF THESIS 

1. Examination of SCAMPI System Metrics Program 

The objective of this thesis is to examine a modern C‘] network, the USSOCOM 
SCAMPI, (not an acronym), network, in terms of Network Management and Metrics. The 


analysis of.the existing Network Management and Metrics program in terms of procedures, 


protocols, and metrics implementation will be undertaken. In addition to the basic examination 
of the system, the consolidation of industry practices that form the basis of network 
management and metrics application will be presented to gauge the performance criteria 
present in the existing SCAMPI system. This review will also serve as a condensed reference 
for anyone needing a quick survey on modern network management practices. 

Dap Recommendations For Improvements In The Metrics Program 

Upon completion of this examination of the SCAMPI network, recommendations will 
be offered in terms of metrics program improvements and future network management 
innovations. It is hoped that this study will serve as a basis for further improvement of the 
metrics and network management process in this and similar DoD networks. 
oF SCOPE, LIMITATIONS AND ASSUMPTIONS 

The scope of this investigation is limited to the USSOCOM SCAMPI C’‘I network but 
will have applicability in any modern C’I network. The resulting metrics definitions, findings 
and recommendations will be delivered to USSOCOM upon thesis completion. 
D. ORGANIZATION OF THESIS 

This thesis is organized into six chapters. This chapter provides basic introduction, 
objectives, scopes and limitations of the work to be performed. Chapter I provides an 
introduction to the USSOCOM SCAMPI Network. Chapter III condenses into table form an 
industry wide survey of Network Management and Metncs. This chapter can serve as a check 
list for functionality on network management systems. Chapter IV covers the metrics 
implementation of the SCAMPI network. Chapter V provides initial recommendations and 


implementation for a pro-active metrics plan for USSOCOM. It examines metrics limitations 


and network management shortfalls as currently configured, with recommendations for a pro- 
active metrics plan. It will discuss implementation and system requirements. Chapter VI 
explores the implications of near term technology innovations on network management and 
metrics and examines the basis for further research areas. 

Appendices are provided to expand certain networking management concepts and to 
provide more detailed definitions of terms and concepts. In addition resources that are directly 
related to the topic but not cited in the reference section are listed. Network fluent readers will 
have less need of these than those readers new to network management and metrics. Appendix 
A provides USSOCOM Traffic study examples cited in the thesis. Appendix B provides 
additional and amplified network definitions. Appendix C provides a comprehensive 
bibliography of modern network reference sources. Appendix D provides hyper-text links to 


network management/metricssites that are government and industry representative. 


Il. USSOCOM SCAMPI NETWORK ARCHITECTURE 


A. SCAMPI SYSTEM DESCRIPTION 

A brief overview of the SCAMPI telecommunications network is provided for those not 
familiar with the system. This description will acquaint the reader about those network features 
relevant to this examination of Network Management and Metrics measurement issues. For 
those readers familiar with SCAMPI, this chapter can be skimmed or skipped entirely. 

Special operations forces (SOF) have unique missions that include direct action, 
strategic reconnaissance, unconventional warfare, foreign internal defense, and counter 
terrorism. The execution of these missions often requires communications and intelligence 
systems support that is distinctly different from that required by conventional forces. [Ref. 4] 

SCAMPI , is a communications system that was created to allow dissemination of C‘I 
information between the United States Special Operations Command (USSOCOM), its 
components and their major subordinate units, and selected Government agencies and activities 
directly associated with the special operations community. [Ref. 8] 

The SCAMPI network provides gateway service for the special operations community 
to extemal DoD classified voice, data and video teleconferencing (VTC) systems. 
Transmission of data between nodes of the SCAMPI system is over Defense Information 
Technology Contracts Office (DITCO) leased T1 and fractionalT1 (FT1) lines. SCAMPI 
carries collateral and sensitive compartmented voice, data and VTC information. [Ref. 11, 17] 

All information sent over the leased lines is fully secured using one or two levels of 


encryption The embeddable KG-84 COMSEC Module (KIV-7) provides the encryption 


mechanism for the network. [Ref. 15] No Multiple Level Security issues are covered in the 
context of this thesis. The issues of security as related to Network Management are reviewed 
in the functionality sections. 

Numerous systems and applications nde on the SCAMPI network. HQ USSOCOM, 
USSOCOM component forces, and the USSOCOM Washington Office LANs are connected by 
SCAMPI to form a command LAN. SCAMPI provides connectivity for the SOCRATES, 
METOC and other special operations analysis tools used by the SOF community. [Ref. 4, 10] 
B. SCAMPI NETWORK TOPOLOGY 

1. Basic Informational Flow Topology 

Figure 2-1 shows the basic network information flow topology for a single connection 
using the SCAMPI system and the gateway terminals [After Ref. 17]. Components of the 
topology are explained in the following paragraphs. 

Ground Entry stations provide an interface for the SCAMPI network to allow an 
overseas extension of the information available on the basic network. These entry stations are 
primarily commercially manufactured satellite terminals that exist at DISN Terrestrial Gateway 
sites. The deployable SHF Tri-band Satellite Terminals that allow SCAMPI to have inter- 
connectivity on a world-wide basis operate on the C, X, and Ku band operational frequencies. 
The deployable packages include downsized electrical equivalent replacements for the 20-foot 
Quick Reaction Satellite Antenna. [Ref. 15] Defense Satellite Communications System 
provides the satellite channels necessary to relay the SCAMPI network to deployable nodes. 
The DSCS SHF SATCOM space segment consists of DSCS IJ and III satellite constellations 


with coverage areas ranging from 75 degrees North to 75 degrees south. [Ref. 4] 
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Figure 2-1] Basic SCAMPI Configuration 

The ability to rapidly link the deployed SOF contingent with the connectivity and 
functionality of the SCAMPI network allows interoperability on a world-wide basis. The 
deployable SCAMPI nodes share the inter-connectivity of all other CONUS based nodes and 
the basis for network management and metrics still exists in this deployed status. 

Figure 2-2 shows a notional diagram of the SCAMPI network.[After Ref. 17] It is 
provided to illustrate the types of internetwork connectivity, bandwidth, and nodal relationships 
that exist in the CONUS and deployed SCAMPI network. No geographical attributes of the 


system are labeled but the reader should understand that the system covers SOF organizations 
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Figure 2-2 SCAMPI Hub Topology, Notional 
on both coasts and multiple sites in the Southeast. 

This network is specifically tailored to cover the special operations missions and 
support functions. SCAMPI is currently extended to over 35 organizations in the SOF 
community, and will be available for use by a Joint Task Force (JTF) and a JSOFT, as well as 
the special operator. [Ref. 17] 
eS SYSTEMS READINESS CENTER (SRC) IMPLEMENTATION 


The SRC serves as the Network Operations Center (NOC) equivalent in commercial 
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industry terminology. The SRC is located at the USSOCOM headquarters but allows 
management functionality to exist for the entire network, including pre-deployment checkouts 
on deployable SCAMPI Nodes. The SRC serves in the capacity of a 24 hour trouble desk 
facility. Any network or computer related problem can be referred to the center. Help 
operators, in addition to being able to answer questions on common workplace applications, can 
take information about a system malfunction and enter it into the tracking system. [Ref. 17] 
D. SCAMPI NETWORK MANAGEMENT SYSTEM (NMS) 

The SCAMPI SRC uses two NMS’s, Network Equipment Technologies (NET) Open 
5000 and the Hewlett Packard Openview. The NET Open 5000 is used to monitor the 
functionality of the IDNX 90's and other NET equipment. The HP Openview is primarily used 
to examine other elements of the SCAMPI network. The HP Openview is also extended by a 
third party application, Transcend®, which allows an enhanced examination and management 
of 3COM products. The ability to view graphical representations of a device and allow 
“virtual” manipulation of the network device such as allowed in Transcend is a feature common 


in modem network management tools. [Ref. 6,7,17] 


GI 





It. NETWORK MANAGEMENT AND METRICS 


A. NETWORK MANAGEMENT OVERVIEW 

This chapter summarizes volumes of industry terminology and practices. The intent is 
to acquaint the reader with the fundamentals necessary to understand the problems and 
proposed solutions for network management and metrics implementation. The tables provided 
in this thesis will hopefully allow more of a checklist approach to be undertaken to measure the 
functionality present in any network management system that is being proposed or reviewed 
for completeness. ° 

The industry practices that are condensed into table form are not present in all network 
management systems. Vendors emphasize different aspects and approaches to this very 
difficult problem. Vendors that produce network components structure their network 
management systems to favor and support aspects present in their components. 

The networks management and metrics measurement systems are constantly evolving 
so this is just a snapshot of the state of the art at the time of wnting. HyperText links to 
industry sources and network management/metrics sites are compiled and presented in 
Appendix D. The review of these and other online links by administrators and network 
engineers on a periodic basis is recommended to preclude the “18 month technological 
obsolescence cycle” which is even more pertinent to this field. 

1. Network Management Systems (NMS’s) 

Network Management Systems 1n their simplest forms provide the basis for: network 


monitoring,-metrics collection, configuration control, maintenance, accounting, and restoration 
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[Ref. 9]. The basic purpose of network management is to automate the processes of monitoring 
and adjusting the performance of a network, as well as providing reports and measurements 
(metrics) of network activity. . NMS’s exist in differing degrees of complexity and 
sophistication. The amount of network management present in a network is usually dictated 
by several factors, including policy and budget. A large network is not always indicative of 
network management presence. Several large universities were examined in the course of 
research for this thesis and neither had any structured management system in place. 

2 NMS Functional Management Areas 

Tables 3-1 through 3-5 provide a reduction to tabular reference form, and facilitates 
a quick cross reference of each of the NMS functional management areas. These functions exist 
in differing degrees in different vendor packages. Different divisions and definitions of these 
functional areas exist with different vendors. The division presented here attempts to survey 
the field and include functionality from many different areas. [Ref. 21,22,23,24,25,26] Each 
table will have amplifying remarks following. All tables are organized into functionality areas 
on the left with representative and illustrative industry examples on the night. 

The elements of the functional management area can be overlapping into several areas. 
For example, measures that can determine performance management can also be related to 
those in the fault management and restoration areas. The adaptation of measures in one area 
may also have unintended interactions in another. Examples might include: Security measures 
may slow performance, and fault management may occur at the expense of network throughput. 
The network engineer and administrator needs to consider the ramifications of such policies. 


Table 3-1 details the elements and tasks performed in performance management. 
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PERFORMANCE MANAGEMENT 


Gather performance data on those variables | Allows automated, selective collection, 


of interest retrieval, storage and manipulation of data 
Metrics can then be generated for 
management decisions or automated 
network restoration 
NMS should be able to monitor, analyze 
and generate user defined reports on the 
metrics selected for use 


Analyze the data to determine normal Benchmark levels are determined from 
(baseline) levels normalized operational measurements and 
calculations on selected parameters 


Determine performance thresholds for each | Allows establishment of alarms to - 

variable alert/assist Network Operations Center 
(NOC) operators when values depart from 
preset thresholds 


Simulation Determine performance measures given 
differing configurations, routings, 
equipment line-ups, degradations 


Tasks performed by performance Monitoring and measurement of quality of 

management: service (QoS) parameters, detection of 
performance bottlenecks, QoS reporting, 
performance and capacity planning. 





Table 3-1 Performance Management 
Performance management exists in several categories. Depending on the monitored 
devices this can be as simple as determination of the status of the interconnecting links or as 
complex as advanced metrics. Advanced performance management can also enable pro-active 
methods. An often cited example of pro-active performance management methodology is 
network simulation. Network simulation can be used to project how network growth or changes 


in operational tempo will affect performance metrics. Network management packages can 


lie 


include this feature as a standard application or allow the use of a “plug-in” simulation package. 
Analysis of growth and its impact on an existing network can be one of the most beneficial 
byproducts of simulation. Projected growth patterns observed by metrics can be applied to 
“what if” scenarios to analyze the performance of the network under projected growth factors. 

Networks that are subject to greatly varying traffic loads, such as a military network, 
can use simulation to model and validate system capacity. Contingency planning and 
operations can stress a network’s capacity compared to the relatively low level of day to day 
support functions. The ability to project the impact of a loss of a node in a battle or crisis 
situation is also an aspect that simulation can provide the military planner. 


Table 3-2 details the asset/configuration management area: 


ASSET/CONFIGURATION MANAGEMENT 


Monitor network and software Tracking of existing network elements and 
configuration information their software licensing/application 
loadouts for ADP compliance 
Storage of all address and management 
information databases necessary to 
maintain, restore, or reconfigure the 
network 


Autodiscovery The ability to discover and map new 
additions to the enterprise network 
(within community string limitations) 

Password protection (of NMS) Prevent unauthorized changes to 
configuration 


Tasks Automatic documentation of configuration, 
| resource configuration, remote 
configuration, administration of network 
history, mitialization and monitonng of 
configuration operations. 





Table 3-2 Asset/Configuration Management 
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A network consists of a number of resources that have to operate in a certain manner. 
Configuration management will combine and adapt resources in order to supply the requested 
system performance. Network configuration changes can have positive or detrimental effects 
on the performance, stability and availability of network assets. Derived metrics most always 
require the knowledge of numbers of users and allocated resources. Changes in network 
configurations that are not known to the metric process can produce very misleading metrics. 

Network configurations can be maintained in configuration profiles. This type of 
structured approach allows a simplification in the deployment and evolution of facilities. An 
organization can utilize the system to facilitate software and firmware distributions as well as 
synchronizing the automated setup of network devices. 

Auto-discovery is a feature that allows the system to constantly monitor and detect the 
presence of new assets from their internetwork communications. Generally auto-discovery is 
limited in its’ search function by the community strings that are given it. These community 
strings are the “names” of the network segment that the NMS has selected for monitoming. 
[Ref. 9] 

In commercial networks the asset/configuration management area provides the 
inventory and financial management of the network’s equipment, facilities and software. The 
management area can compute the associated location, costs, vendors and warranty 
information. The support in computing costing of existing network elements and planning for 
future asset acquisition is enabled with this functionality. 


Table 3-3 illustrates the accounting management areas and tasks: 


ley 


ACCOUNTING MANAGEMENT _ 


Usage patterns 





Determines where the traftic handled on 









the network is originated and in what 


quantities. 


Usage quotas Determines overages and underutilization 





of circuits to allow optimum fiscal and 


operational management 





Resource utilization Allows economic and performance analysis 


of existing circuits 
Tasks Monitoring of accounting data, handling of 
accounts, assignment of costs to accounts, 


supervision of quotas, accounting statistics 
Table 3-3 Accounting Management 


The primary purpose of accounting management, 1s to measure network utilization so 
that users of the network get their allocated service. The first step toward appropriate 
accounting management is to measure utilization of all important network resources. In anon- 
billed network, where users don’t pay directly for their usage, the use of accounting 
management is best suited to ensuring optimal resource utilization. 

Usage patterns and resource utilization require the ability to monitor ongination and 
destination headings of traffic. Without revealing any of the content of the message the system 
needs to be able to track originations and successful deliveries of data. [Ref. 1] 


Fault management is delineated in Table 3-4: 
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ee : 


FAULT MANAGEMENT 






Detect, log, automatically fix (to extent The ability to execute pro-active network 











possible) restoration routines 





Restoration routines often scripted and 








automated 





Issue real-time alarms to NOC’s 
Log all faults and alarms 


Test connectivity of all devices 


Monitor activity and changes in network 







| Monitoring of network status, reception 






and computation of alarms, fault 






diagnostics, initialization and monitonng 






of fault recovery, user support 
Table 3-4 Fault Management 





The primary aim of Fault Management is to detect, log and automatically restore 
network service. The ability to pro-actively and automatically reroute traffic based on a 
predetermined, controlled algorithm allows the least amount of down time or delay to a 
network user. If a system has suffered a catastrophic failure of major nodes the system may 
have to revert to a scripted restart of major components. If the system does not have fully 
automated re-route capability the system should give the operator assistance in manual 
restoration. 

An increasingly used function of fault management is in the area of reliability analysis. 
[Ref. 24] While the NMS can be used in the troubleshooting and restoration mode, the analysis 
of the reliability characteristics of components ensures better system operation through 
prediction. This ability to conduct analysis places the system in more of a proactive mode that 


allows a higher quality of service to be achieved. 
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Fault management also overlaps the area of testing connectivity of the network. The 
metrics dealing with connectivity include the measures of availability of network interfaces, 
transmission characteristics such as transit time and delay, as well as the detection of error 
creating malfunctions. 


Security management is outlined in table 3-5: 


Monitor access points Pnmarily in unclassified networks but 
applicable in classified systems when 


using external networks 


Identify sensitive network resources Identification of threat potentials and the 


pro-active utilization of redundancy and 


automatic backup routines 


Access control, encryption of data, 


authentication, operation of security tasks 





Table 3-5 Security Management 

The primary purpose of the security management functionality 1s to provide for the 
definition, maintenance, application and enforcement of an organizations security policy. 
[Ref. 25] This should occur across the network, regardless of technologies or infrastructures. 
This becomes increasingly important as private networks are interfaced to external networks. 
The requirement to interface with the Intemet and the SIPRNET adds complexity to the 
security management requirements of an organization. 

In encrypted and closed networks this function is not generally handled the same as in 
un-encrypted networks that deal with internetwork connections. If however, a linkage to an 
outside network is enabled, additional security issues must be addressed and ensured. 


Multiple Level Security implementation is currently a difficult problem for most DoD 
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networks. Pending technological advances and incorporation of the chosen solution, this 
problem remains unsolved. Multiple level security issues are not addressed in this thesis in the 
context of network management. 

Table 3-6 provides an initial look at types of monitored events that can be handled by 
a network management system. [Ref. 5, 9, 25] These events can be the basis for metrics 


measurements and can provide troubleshooting aids to the NOC engineers. 


TYPES OF MONITORED EVENTS: 


Number and state of its virtual circuits | This type of event malate auto-discovery 


related topology corrections. 
If GUI MMI present will be presented in 
| topological format 


Number of certain kinds of error messages | Packet error messages, 


received 


Number of bytes and packets in and out of {| Typically from routers and node switches 


device 


Maximum output queue length (for routers | Queued responses or trap messages 


and other internetworking devices) 


Broadcast messages sent and received Error messages based on predetermined 


events or levels 


Network Interfaces going down and Can be trap messages or reboot messages 


coming up from switches 


Table 3-6 Types of Monitored Events 





a. NMS Attribute Characterization 
Table 3-7 summarizes many of the industry wide characteristics of NMS’s at the time 


of writing. fRef. 21,22,23,24,25,26] These are generic and non-vendor specific unless noted. 
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— ATTRIBUTES OF TYPICAL NMS’s: 








Able to monitor large numbers and types of 
network devices: 


Routers, hubs, concentrators, switches, 
servers, PC’s, printers, etc. 

Increasingly any device connected to the 
network 

















| 1000, 5,000 10,0000+ are typical values 
for the number of network elements (devices) 
able to be monitored and managed 

| NMS Packages usually have pricing structures | 
based on scalability limits | 


Scalable 







| Able to cover entire network and interfaces to 
other services 

Helps distinguish who has the outage - Intern: 
or External to a network 

WAN coverage with LAN probe functionality 


Enterprise-wide monitoring 

















Use the IP-based SNMP Protocol and RMON | Ifnot using SNMP will use CMIP or SNA or 


similar standards. 


extensions to monitor most types of network 
elements 













Allows a single NMS to service an entire non- 
homogenous network 

May require 3" Party plug-ins to monitor 
some devices 


Non-vendor specific 







Provide a platform on which third party Example 3COM Products - Transcend 
applications for the monitoring of specific 
devices can be run 


















Runs under UNIX or NT, and can be extended 
so that locally developed and commercial 
server processes can be monitored 


Typically on a Work Station, with dedicated 
usage and sufficient hardware and memory 
resources 


Allow an operator to use graphical tools todo | As in HP Openview and Transcend 
ad hoc inquiries about the state of devices on 
the network 

Table 3-7 Attnbutes of Typical NMS’s 


These baseline functional attributes are typically included in most NMS packages with 


additional options and vendor specific plug-in packages available. 
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A consolidated table of NMS functionality 1s provided in Table 3-8. [Ref. 25, 27] 


Management Function 


is 







Create, delete, examine, and update 
objects; report that such manipulations 
have taken place. 


Monitor object’s management states; report 
when these states are changed. 


Establish, monitor, and view the 
relationships among objects. May also 
include the auto-discovery capability to 
discern new additions to a network. 


Object Management 


State Management 


Relationship Management 


Alarm Reporting 
Event Reporting 


Security Alarm Reporting 



































Provide notice of and information about 
faults, errors or other network 
abnormalities. 





Select events to be reported; specify the 
destination of reporting. Distributed 

management levels may require multiple 
reporting destinations. 








Provides notice of security alarms set by: 
improper procedures, illegal entry 

attempts, can include physical entry if tied 
into the network reporting. 


Security Audit Trail Provides ability to reconstruct events and 
procedures that were used in a improper or 


illegal entry attempt or measure 


Log Control Handles event logs, log events, and allows 
creation of new logs. 

Access Control Controls access to networks, applications, 
and data 


Table 3-8 Consolidated NMS Functionality 
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B. NMS STRUCTURES 

1 Managed Objects 

Network management models are built around managed objects, which are any network 
elements that can be used or monitored. These models generally specify the kinds of attributes 
managed objects must have and the kinds of functions associated with them. A network 
management configuration generally involves a managing process, which runs on a managing 
station. The managing process collects performance and other data about the network or about 
particular nodes on the network. This information is actually gathered by managing agents, 
which are programs that monitor workstations, PC’s, printers, or any other network device, and 
that can report this information to a managing process. The details of this monitoring and 
reporting process help distinguish different network management models. [Ref. 9] 

Network management is generally implemented as a high-level application, so that the 
management software uses well-established protocol suites, such as the TCP/IP protocols, to 
do its work and to move its information around. Various models have been proposed for 
network management. The two most comprehensive proposals are the models developed for the 
Intemet Protocol (IP, or TCP/IP) and for the ISO's seven-layer OSI (Open Systems 
Interconnection) model. In addition, major network management packages still rely on 
mainframe-based management models, such as those developed by IBM, DEC, and AT&T. 
[Ref. 9] A typical NMS system is shown in Figure 3-1. 

This figure shows a typical first generation NMS enhanced by a proxy server. [After 


Ref. 9,21] The functionality shown is purposeful to match the studied NMS in this thesis. 
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Typical Network Management Architecture 


Network Management System 


Network 
management 
protocol 
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Network 


Management database Management database - A 


Managed Devices 





Figure 3-] Typical Network Management Architecture 

De Network Management Station Software 

The network management capabilities are usually implemented in software. The 
management tools may be specialized (for example, collecting just performance data) or 
comprehensive. Tools must have monitoring, reporting, and analysis capabilities. Those tools 
that will serve as managing processes as the control programs for the network management also 
need control capabilities. In general the management models do not specify the details of how 
these capabilities are to be implemented. For example, programs may report data in text or 
graphics form. 

Programs will also differ in their monitoring capabilities. The tools may be designed 


for Local Area Network (LAN) or Wide Area Network (WAN) management or both. Although 


os 


many of the tasks are the same for managing both LANs and WANs, there are some important 
differences, mainly with respect to reporting and timing. Management tools that are designed 
to manage both LANs and WANs are sometimes known as Super Managers, and they are part 
of even more comprehensive architectures. 

An agent is a software process (daemon) running in a remote device. It is an embedded 
process which monitors the activity of the device’s interfaces and stores all the information that 
1S monitored into system memory that can not be cleared until the device is re-powered. The 
information that is gathered is placed into registers that correspond to variables of interest to 
the SNMP process. Each device in the network has a separate and distinct set of management 
information. [Ref. 9] 

An agent is hosted by the device and is dependent upon the device being operational 
and functional to allow communication back to the NMS. SNMP agents monitor the desired 
objects in their environment, package this information in the appropnate manner, and ship it 
to the management station, either immediately or upon request. 

In addition to packets for processing requests and moving packets in and out of a node, 
the SNMP includes traps. A trap is a special packet that is sent from an agent to a station to 
indicate that something unusual has occurred. This information follows a predetermined format 
and procedural occurrence. [Ref. 9] 

3: NMS Protocols 

Network management protocols are usually either, the SNMP of the Internet Protocol 
Suite (TCP/IP) widely used in data networks, or the ISO CMIP for use in public 


telecommunications networks. [Ref. 9] The protocol that is applicable to this study and thesis 
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is the SNMP and any extensions of the basic protocol. 

4. Management Information Base (MIB) 

The data communicated between the Network Management System (NMS) and the 
managed entity (agent) are formally defined as object classes in a Management Information 
Base (MIB) or Management Information Tree (MIT). The format is the Abstract Syntax 
Notation - 1 (ASN.1) and is encoded for transport using the Basic Encoding Rules (BER). 

The implementation of the agent 1s dependent on the device in which the agent will 
reside. The vendor of the device usually is responsible for any implementation of Network 
Management functionality. As long as implementation of the agent is compatible with the 
standard protocol, MIB or MIT definition and encoding conventions the agent will be 
manageable by the NMS. [Ref. 24] 

Open applications and extensible agents need not be written in the same language. 
While NMS applications are “open” and can be modified for increased functionality and 
extended to manage more agents, the agents are usually closed systems and generally cannot 
be modified. If an entity is modifiable, the amount of system assets available to management 
functionality usually is very small. Many managed entities lack the ability to be directly 
managed in either the SNMP environment. 

a Remote Monitoring (RMON) 

Devices that traditionally have been employed to study the traffic on the network are 
referred to as network analyzers, or probes. These monitors operate in a “promiscuous” mode, 
viewing every packet in the circuit to be analyzed. These devices can be located in any type 


of network, with the location determining the level at which they monitor. PC’s with a RMON 
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program can monitor LAN activity. Routers can have RMON probes attached or have 
imbedded functionality. [Ref. 24] 

The monitor produces summary information, including error statistics, such as counts 
of undersized or oversized packets and number of collisions. Performance statistics, such as 
number of packets delivered per second and packet size distributions can be determined by this 
form of monitoring. There are many metrics that are unattainable without the presence of a 
RMON device. The misplaced concem for secunty of traffic has caused many a manager to 
not be able to adequately configure probes in the network. The address headers of packets, not 
the content of the message, is what 1s important to read and measure. 

6. Network Management Standards 

Networks are very heterogenous in composition. Multiple vendors coupled with only 
Requests for Comment (RFC)’s for industry “standardization” allows a wide variance in the 
implementation of network functionality. In the area of network management implementation 
this variance reflects industry trends. Technological changes produce legacy elements that 
while still useful for task production may not communicate well with newer management 
systems. The constant moving target of industry standardization has produced several versions 
of each standard. SNMP is currently SNMP v.2, MIB is currently MIB II, etc. Each new 
manufacturing cycle institutes current standards but may not include backwards compatibility 
for all functions. [Ref. 9] 
eS METRICS 

iL Metrics Functionality 


The ability to collect metrics, or measurements of network performance, exists through 
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the Network Management System’s (NMS) functionality. Each element of the network, that 
has network management functionality embedded in it in any form, is capable of storing and 
reporting events that when processed and analyzed can produce metrics. These metrics are 
dependent upon the ability of the NMS to provide tasking as to what is to be collected, what is 
reported, when is it reported and what aggregate of time does each reporting period cover. 
[Ref. 21] Without a managed plan of metrics measurement most organizations are limited to 
simply measuring the availability of circuits and possibly their allocated bandwidths. 

Any network element that is not SNMP functional may have metrics gathered on it by 
a related or close proximity element that is operational. An example of this would be in a LAN 
in which not every device contains an agent but the server serves as an” intelligent agent” and 
reports on all the devices in a LAN sub-segment. Distributed management functionality such 
as this instance is not always present in some Network Management implementations but rather 
have only a single station that polls all elements. 

Metrics also have to tailored to the management objective. The simple flow of traffic 
through a network element will produce any set of management statistics that are requested. 
If the statistics measured, recorded, stored and then forwarded do not match the management 
objective the effort is wasted. [Ref. 9,21] The NMS and metrics process also adds to the total 
network traffic. The aim of most systems is to make this process very transparent and 
insignificant in terms of network statistics. 

The ability to accomplish all metrics functionality does not exist in the SNMP or CMIP 
protocols. Vendors have been producing extensions that seek to better measure functionality 


of their devices and applications [Ref. 24]. Any structured metrics program will have to make 
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decisions on the management objectives, the implementation structures and strategies, and the 
cost basis of this effort. The levels of management reporting and the detail of information 
required directly impact the overall metrics schema. Metrics are measurements of a process. 
The concept of metrics encompasses all industnes and professions. Metrics will be used in this 
thesis to mean a measure of a network process. 

Da Types of Metrics 

In industry practices, two types of metrics are generally categorized and defined: 
formal and empirical [Ref. 1]. Each will be examined in the context of network management. 

A Formal Metric is one that views a component in terms of its abstract, mathematical 
properties. In terms of a network this would emphasize viewing network properties in 
analytical terms. Two examples of a formal metric: 

a) Bandwidth of a physical link: 

A links maximum data-carrying capacity, measured 1n bits per second. 

b) Buffer size of a router: 

How many bytes the router has available for buffering queued packets. In practice this 
might be specific to the outgoing interface, or it might be shared between the different 
interfaces, or it might be different for different flows or types of flows. These differences are 
crucial, and illustrate some of the difficulties of devising well-defined formal metrics. 

Empirical metrics correspond to properties that are generally too complex to discuss 
analytically but are still very important for practical measurement. These metrics are generally 
defined directly in terms of a measurement methodology. When confronted with complex 


systems measurement, many measurement communities have used the benchmark approach, 
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in which some standardized applications are used to stress a system, and the system’s 
performance in executing the benchmark is then used as a metric for how well the system 
performs in general. 

3. Network Metrics in Commercial Networks 

The general usage of metrics measurements in commercial networks divides the 
measurements into four categones: 1) Utilization metrics, 2) Performance metrics, 3) 
Availability metrics, and 4) Stability metrics. [Ref. 9, 24] 

Table 3-9 shows representative metrics categories that are found in commercial 

network management/metrics packages. This is a collection of metrics examples and does not 


directly correspond to any given vendor. 


Metric Category 


| Utilization - Total input and output packets and 
- Various Peak metrics 
- Per protocol and per application metrics 


Performance - RTT metrics on different protocol layers 
- Numbers of collisions on a bus network 
- Number of ICMP Source Quench 
| messages 
- Number of packets dropped 
Availability - Line availability as percentage of uptime 
- Route availability 
- Application availability 


- Number of fast line status transitions 


| - Number of fast route changes (route 
flapping) 
- Short term ICMP behavior 
- Next hop count stability 
Table 3-9 Metrics Categories 
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IV. SCAMPI METRICS IMPLEMENTATION 


A. SCAMPI METRICS DESCRIPTION 

The SRC serves the NOC role in the SCAMPI Network. The metrics program that has 
been implemented tracks what would be broadly termed in industry as performance metrics. 
These metrics are utilized to fulfill troubleshooting and management functions. 

The data to verify performance metrics at USSOCOM is gathered at the Systems 
Resource Center (SRC) [Ref. 6]. Performance metrics are divided into two main categories: 
system metrics and circuit metrics. The SCAMPI system metrics include Mean Time Between 
Failures (MTBF), Mean Time to Repair (MTTR), bandwidth utilization and system availability. 
[Ref. 7,17] 

This performance metric measurement is utilized to ensure contract compliance by the 
long haul carrier network provider. The performance measurement of the T1 and fractional 
T1's (FT1) is conducted in the SRC using the Integrated Digital eXchange (IDNX) Network 
Management System (NMS) 5000 which monitors the IDNX 90's located at principal hubs. 
All contracted T1's are provisioned for extended superframe format (ESF) and Binary 8 Zero 
Substitution (B8ZS) coding. ESF allows the government and the contractor a nonintrusive 
monitoring capability that is used to measure the link and node performance of the SCAMPI 
network. [Ref. 8] 

B. PERFORMANCE METRICS 
This summary illustrates the nodal metrics measured on SCAMPI. These tables borrow 


heavily on the early work of the MITRE and GTE representatives on staff at USSOCOM and 
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are recreated to give an understanding of the current methodology utilized for metrics 
calculations by SCAMPI engineers. The metrics found in these tables do not necessarily match 
the industry definitions given in the previous chapter but do provide a structured basis for 
measuring the network. [Ref. 6] 

Table 4-1 provides the metrics applied against the network to determine Mean Time To 
Repair (MTTR) and Mean Time Between Failures (MTBF). These metrics are measured and 
derived by tracking the T] and FT1 circuit statuses. Human observation and consultation is 
present on the determination of times. 


SCAMPI Standard 


Routine Nodes MTTR - (Hours) Y2 hour at manned sites during normal 
working hours 
4 hours at manned sites after normal working 


| hours 


Critical Nodes MTTR - (Hours) ¥, hour 24 hours/day 
All Sites MTBF - (Hours) 280 hours 


All Sites Availability 98% 





Table 4-1 SCAMPI Nodal Metrics 


Table 4-2 examines the SCAMPI Circuit Performance Metrics including circuit 
availability, bit error rate (BER), errored seconds and severely errored seconds. These 
parameters come from the monitoring of contractual compliance of the long haul carrier. The 


basis for these metrics includes human observations and resolutions of fault during outages. 
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SCAMPI Standard 


= —_—— a rete 


Availability 99.95% (operational efficiency) 
BER 1 x 10°’ (Contractually 10°) 


Fewer than 8% of one-second intervals to 






Errored Seconds 





have any errors. (Equivalent to 92% error 
free seconds) 





Fewer than 0.2% of one-second intervals to 
have a BER worse than 1 x 10°’ 


Severely Errored Seconds 





Table 4-2 SCAMPI Circuit Metrics 


Circuit Availability Metrics are presented in Table 4-3. 


Calculation SCAMPI 
Standard 


99% 


Metric Data Source 


O&M 


Circuit/System | CSU (Primary) 
Availability NMS-5000 
(alternate) 


NMS-5000 
BER Report 


NMS-5000 
Trunk Frame 
Slip Report 


[uptime/(uptime 
+ downtime)] x 
100% 





No. of errored 10°’? CONUS 
bits 10°OCONUS 
Total No. of 
bits 


Not specified 


Internal to 
NMS-5000 


Table 4-3 Circuit Availability Metrics 


os) 


contractor 
calculates and 
provides info to 
SRC. Outage 
responsibility 
assigned by 
SRC. 


Predetermined 
NMS-5000 
Report, SRC 


Predetermined 
NMS-5000 
Report, SRC 





c. DERIVED METRICS 


The derived metric measurement and calculation is divided into the areas of: load 
forecast and Grade-of-Service (GOS). 

Derived metrics are determined by analysis of network operational data. This process 
requires interpretation of collected data. They are derived from network usage statistics and 
information obtained from Integrated Digital Network eXchange (IDNX) and HP Open View 
LAN manager software. 

l. Load Forecast 

Load forecast is based on the current SCAMPI user demand. Bandwidth allocation is 
set for each user. Load forecast trend data is used to project growth requirements. An example 
of load forecast is shown in Appendix A. 

2: Grade-Of-Service (GOS): 


GOS is divided in to voice and data subcategories, and is based on available service. 


D. TRAFFIC STUDIES AT USSOCOM 

Appendix A. contains representative traffic studies at USSOCOM. The one that are 
included are purposely aged, not specific to any real world crisis and respective of the limits 
of the USSOCOM SCAMPI classification guide. 

The inclusion of the studies is to illustrate the state of the art, the existing basis of 
metrics and to offer and illustrate recommendations based on selected examples. Further 


reference to the studies in the recommendations chapter will be used to illustrate limitations. 
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V. CURRENT NMS/METRICS LIMITATIONS 


A. STATE OF THE ART NETWORK MANAGEMENT PROBLEMS 

The inherent problem with any assessment of a system is that while it was state of the 
art or ahead of the art at the time of installation, time and industry strides can bypass its 
treasured status. The USSOCOM SCAMPI Network remains a highly reliable, efficient 
network in its present form. The design and utilization of T1 capable fiber optics and reliable 
high speed hub switching systems has allowed the QoS and design parameters to be met and 
maintained. 

The recommendations offered here are intended to solicit improvements and changes 
to maintain its preeminent role in serving the SOF community. Each problem will be stated 
and then a proposed solution will be offered. These problem/solution sets are just a starting 
point and will require investigation into the implementation of each in the context of the total 
management of the network. As with most aspects of network management, Solutions that are 
offered have interactions and cannot, be considered separately. 

The recommendations are then consolidated and placed into table format. The table 
form shows interactions of the recommendations and implementation factors. It is followed by 
an assessment of the recommendations and the functional management areas covered earlier 
in the thesis. This form was chosen to maintain the consolidation “checklist” approach adopted 


in the industry survey section. 
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B. PROBLEM 1 AND RECOMMENDATION 


I: Problem: Centrally managed NMS topology, inability to adequately poll 
from central point without overloading system. 


In USSOCOM, the NMS is centralized and all functionality exists in very few 
workstations. This is the normal topology of early network monitoring systems. The scalability 
of the SCAMPI network has followed the normal exponential growth curve thus aggravating 
the centralized network management/measurement approach. 

The polling rate and the large number of individual SNMP capable devices in a growing 
network will generally preclude the utilization of a single or small number of workstations to 
adequately poll and collect responses from a single location [Ref. 23,25]. _ If there are 
thousands of devices on the network, the percentage of traffic related to just insuring network 
presence can become unacceptably large. Polling rates of the SCAMPI network have been 
purposely held low through programming and most SNMP calls to devices reflect the SRC’s 
role in troubleshooting [Ref. 6]. 

Reliability and redundancy issues in a high priority network could also lead to the 
question of: “Why a single point failure of the SRC could allow critical network management 
functionality to go unaccomplished?” This issue coupled with the offered solution seeks to 
eliminate that possibility. 


De Solution: Distributed managerial presence in the form of C\S at each major 
Node to encompass the LAN/WAN management. 


The requirement to segment the network and distnbute the managerial functions seems 
necessary. The industry trend of Client-Server distribution of data base servers can form the 


basis of this type of functional distribution. By distnbuting servers, the workstation doing the 
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polling can be topologically closer to the devices which it manages. This reduces traffic, 
particularly traffic through WAN T1 lines from and back to the SRC. Multiple small servers 
will generate less traffic overall than a single workstation polling all stations from a great 
distance. Each server will contain the network information, MIB’s, RMON Tables for each 
network section in it’s cognizance. 

The primary argument against such a measure as this is that it will have costs associated 
with the allocation of servers and programming to perform this function. The cost differential 
of having this monitoring function performed on a distributed basis on existing assets, with a 
higher degree of network monitoring being possible offsets the implementation cost. 

The ability to transparently view and navigate the distributed servers from either the 
SRC or an alternate viewing point seems very beneficial. Two looks at a single failure can give 
the SRC a better idea of the real solution. This functionality in the monitoring of T1 line 
availability is done with personnel at key nodes and the benefits of dual looks is demonstrated 
there. Another aspect of distributed servers is the aspect of network restoration. In a centrally 
structured NMS system any scripted, or manual, network restoration effort will be essentially 
sequential and incurs the wait time for processing serial events. 

LAN managers present in the distributed nodes of the USSOCOM network do many 
similar functions to the distributed C/S described in this solution. The ability to examine this 
data in the performance of WAN network management seems not to have been exploited thus 
far. A C/S distributed system should help facilitate the incorporation of LAN specific 


measurements into the overall NMS plan. 
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C. PROBLEM 2 AND RECOMMENDATIONS 


im Problem: SNMP/RMON Limitations, inability to adequately measure 
network devices for baseline performance. 


SNMP provides details about network devices with an SNMP agent--a router interface, 
for example--but it won't produce any data about other devices on the network, such as the end 
nodes that communicate over that router interface. Even if every device you wanted to monitor 
had SNMP, it would be impractical to poll them all to correlate data and extend your baseline's 
reach. SNMP is quite effective for configuring and managing devices, but it doesn't generate 
the high level of performance detail that good traffic base-lining requires. [Ref. 21] 

SNMP depends on polling of network devices to determine the content of network 
management data. RMON presents a standard way to gather performance data from LAN 
devices and reduce SNMP polling [Ref. 9]. But it has several drawbacks: it's LAN-centric; it 
provides only Media Access Control (MAC)-layer information; and it can't correlate traffic to 
expose end-node conversations, or tell which applications are generating the traffic. 

RMON version 2 addresses some of these limitations but unfortunately remains 
LAN-centric. It's also very processor-intensive, driving up the per-managed-segment cost of 
RMON probe [Ref. 9]. As a result, the WAN continues to be a “black hole” in terms of ability 
to be measured and managed. To remedy this, many vendors manufacture WAN probes that 
use proprietary RMON management information base (MIB) extensions to track WAN 
utilization, errors and other critical statistics. [Ref. 23,24,25,26] Since we don't have a standard 
MIB to assess these functions, this becomes a sensible approach. 

pe Solution: SNMP/RMON Probes And WAN Network Monitoring 


- 


RMON probes cost money. Lack of probes cost money and create inefficiencies. The 
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decision becomes whether the network will or won’t be monitored to produce proactive 
measures that insure better service for the user. There are usable, viable industry utilized 
metrics of performance that currently can not be measured or analyzed at USSOCOM. The 
current system cannot be modified with just software packages to provide this functionality. 

In a similar effort to this recommendation, the JWID 97 network evaluation and 
assessment effort includes some elements of this type of monitoring. Their plan uses RMON 
probes to analyze some content of the traffic being passed on selected high speed networks that 
interconnect the JWID demonstration systems [Ref. 28]. This recognition that the content 
analysis of traffic, as to the applications, protocols, and mixtures of traffic is fundamental to the 
accomplishment of effective network measurement and management provides further impetus 
to include this solution. 

D. PROBLEM 3 AND RECOMMENDATIONS 

f Problem: Non-Monitoring of Traffic as to analysis of application, protocol 

The monitoring of application and protocol related traffic indicators can reveal 
problems that otherwise can go undetected. Examples of this could include: protocol 
mismatches, incorrect routes, broadcast storms and even some low level denial of service 
attacks. 

A normal question to the network manager as to what percentage of traffic during an 
event was related to a certain user, set of grouped users, certain protocol or application can be 
exceedingly difficult if the system lacks this ability. While systems were onginally set up to 
handle telephone calls and “data,” the mixing of content and changes in the way information 


is being generated and handled has changed the percentages of traffic content. 
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See Appendix A examples 1-6. These traffic study examples are representative of 
USSOCOM network loads. Some circuits have very dynamic and widely varying loads while 
others have allocated bandwidth and low usage. What is happening when the traffic load peaks 
or bottoms out? Is there a network related malfunction occurring? Is there a contributing factor 
such as a protocol mismatch? Is this circuit fulfilling the task for which the bandwidth 
allocation has been slotted? | Unfortunately there is no current methodology in place to answer 
these questions. These questions and any associated metrics are essentially unattainable. 

pa Solution: Institute application and protocol monitoring capability 

The monitoring of the traffic application and protocol layers does not have be a full 
time, full enterprise-wide function. The required assets and monitoring equipments are initially 
best dedicated to problem areas and to proactive discovery of potential problems. New 
segments of a network could have dedicated testing in the initial “burn-in” phase. Older 
network segments that have experienced symptoms of BER, unexplained interruptions and 
outages, or other non-explained problems are also good candidates for this type of monitonng 
Once the performance and training aspects of the introduction of this capability are determined 
the capability can then be incrementally spread to critical nodes and left in place. 

E. PROBLEM 4 AND RECOMMENDATIONS 

iB Problem: Pro-active vs. Reactive Mode of Operation 

A NMS that is only utilized in the role of troubleshooting after a network failure, or 
monitoring and recording past events, lacks the ability to pro-actively analyze and react to 


traffic overflows, system malfunctions or even low level system attacks. 
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Ze Solution: System monitoring that detects, analyzes and reacts to network 
malfunctions, as they are happening. 


Implement a proactive NMS. This can either take the form of an additional software 
package that supplements the existing system, or less prudently a stand alone system. 
F. PROBLEM 5 AND RECOMMENDATIONS 

1. Problem: Interoperability Of NMS And NT systems 

Within the last few years most industry organizations have seen changes in individual 
operating systems (OS) and platforms with a pronounced shift to include more and more of the 
Microsoft Windows NT OSs. This OS shift has also been prevalent in the military. It has been 
stated as a standard under some CINC’s plans, such as USPACCOM’s Information Technology 
for the 21* Century (IT21). In addition the proliferation of NT servers at all levels of the 
organization has created a new dependence on these cheaper C/S systems. The migration of 
such systems as the Joint Defense Intelligence Support System (JDISS) to NT’s exemplifies 
the trend of workstation applications being ported over to the personal computer realm. 

The ability of a NMS to effectively monitor and utilize information from this rapidly 
increasing sector of the network needs to be addressed. The inability to directly access and 
utilize this information currently exists at the SRC. The amount of information and network 
management capability that can be added to the SRC’s capacity will increase as the 
proliferation of NT machines continues. The current capability that exists in the SRC with 
respect to NT machines would be to treat them as network objects, assign SNMP functionality 
and then poll them with respect to presence and rudimentary operation. 

2. Solution: Windows NT and Systems Management Server integration 


- 


Any interaction with NT systems, particulary with the NT as a server needs to follow 
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the philosophy of intelligent agents and ensure that the server (the agent) monitors event 
thresholds and other events and then reports SNMP traps to the cognizant C/S node. 

An enhancement to the NT server, the Systems Management Server (SMS) provides 
automated software and hardware inventory, software distribution and remote diagnosis 
capabilities. Departing from LAN functionality it also allows integration with leading 
enterprise management systems. The inter-connectivity with NMS systems such as the HP 
Openview found at USSOCOM 1s cited as a common industry standard. [Ref. 29] 

Advantages that can be achieved by this solution additionally consider the LAN/WAN 
divisions and concerms addressed in recommendation one. The abilities inherent in the NT 
servers to measure and monitor these functions as well as providing a viable platform extension 
for multi-vendor network components. 

G. PROBLEM 6 AND RECOMMENDATIONS 

1. Problem: Lack of Network Simulation 

The ability to model existing networks or sub-segments, and conduct “what-if” 
scenarios is a basic capability that most modern network management systems consider 
essential [Ref. 3, 21] The capability to automatically integrate auto-discovery included 
topology elements into the database and modeling algorithms allows new network additions 
to be timely considered in subsequent simulations. 

Table 5-1 illustrates the merits and problems of not having network simulation 


available in network management. 


44 





Network Simulation available Lack of network simulation 






| Training on network behaviors Networks are learned at the expense of 


restoration time 


















Simulated network problem solving Training occurs on real problems or 


experienced personnel handle problems at 
the expense of training 


Critical node analysis Designed network nodes remain static with 
little chance of improvement 

Traffic rerouting analysis Traffic studies over long periods of time 
may be necessary to detect problem areas 

Network dynamics fed into models Models non-existent or based on perceived 
behaviors 

Analytic tools built in Precludes tedious manual manipulation of 
compiled traffic studies 


Table 5-1 Network Simulation Aspects 





De Solution: Integrated Network Simulation 

The integration of a Network simulation and modeling system into the SCAMPI SRC 
would allow the benefits detailed in Table 5-1. An additional use of simulation in network 
management has been the development of SNMP and protocol simulators. These devices, 
(hardware required), simulate any network device and function or malfunction. This can be 
very useful to the training of network management personnel and to test proactive measures 
implemented in a network. A predictable, repeatable network fault can be extremely useful. 
H. SUMMARY OF RECOMMENDATIONS 


Table 5-2 starts the summary of the recommendations for the USSOCOM SCAMPI 
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USSOCOM NMS 

















Cost 
Factors Factors 


Personnel 
Factors 


Software 
Factors 











Hardware 
Factors 


Solution 
























| 


| Distributed | Primarily Training on 











Required. Per unit ' Industry trends 
Management existing Agentsrun | distributed cost of favor distributed 
Precence hardware on management | agent in management 
designated functionality | each 
servers Server 
location 













WAN Level WAN 
RMON Probe |} Probes 
Functionality 

(SNMP 

/RMON 

limitations) 


Training on 
WAN probe 
functionality 
and 

procedures 


Cost per unit 
can be 
leveraged as 
utilized 


RMON probes 
increasingly 
utilized on DoD 
networks 







































Adds 
requirements 
of traffic 
analysis 


Can be 
incrementally 
adopted and 
proven. 


Required for 
NMS - 
Application 
Protocol 
monitoring 


Highly used by 
industry 

DoD is starting 
to use 
increasingly 


Application, LAN / 
and Protocol, WAN 
Traffic Probes 
Analysis 

Capability 

















Cost of failure 
is high 


Automated 
restoration 
and 

proactive 
modes of 
operation 


Requires 
software for 
function- 
ality 


Pro-active None 
Mode of NMS_ |] &Hvisioned 





































Windows NT No new user | Required Adds NT Most NT OS is 
Server hardware. for NMS - SMS and functionality is |} increasingly the 
Monitoring Possibly NT | NT server resident in NT_ || DoD Standard 
Cc ; server in monitoring functions to | systems 

gpacy SRC SRC tasking 





Unknown 
factors 


Industry / DoD 
trends 


Network Some Required Adds 
Simulation systems, requirement 
(SNMP) 
require 
hardware 


of 
simulation 
utilization 


discernible by 
simulation is 
desirable 


favor adoption 


Ability 





Table 5-2 Recommendation Summary Table 
network. Table 5-2 gives a cross reference of each recommendation with the perceived 


hardware, software, personnel training and adjustment, cost and future factors for each area. 
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The format of the following tables is modeled after the industry survey tables in Chapter IJ to 
allow constant form and to enable cross comparison when considering vendor specific 
proposals. 

The solutions and factors are non-vendor specific and therefore cost factors are 
particularly generic. Costs of probes and hardware are much akin to transportation. Basic 
transportation is one cost, high speed capability 1s usually extra. Unlike cars, network products 
and computers continue to decrease in cost per given capability. The T1 lines at USSOCOM, 
which used to represent high capacity in terms of network connectivity are easier to measure 
in terms of moder probes than the yet higher speed ATM capabilities on the near horizon. 

Table 5-3 provides a cross reference between the NMS functional areas described in 
Chapter If and the recommended solutions. Some areas are blank. Not every recommendation 


solves a need in every functional area. 
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Performance 
Met. 


Recommended 
Solution vs NMS 
Functional Area 































Higher poll Multiple Auto- Better enhanced 
| rates of NMS databases discovery in | detection access 
objects with allows distributed | through point 
out affecting dual role is more | enhanced monitor 
network back ups efficient presence functions 
performance 





| Distributed 
Management 
Presence 































Able to 
measure 

| WAN metrics 
currently 
unavailable 









Enabled 
| WAN fault 
detection 
(Not 
currently 
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to detect 
protocol, 
traffic 

related 
attacks 


WAN Level 
RMON 
Probe 
Functionality 
(SNMP/RMON 
limitations) 






































Ability to | Ability to 
tune : detect 
network to | based on protocol, 


| Application, and Ability to a 
Protocol, Traffic measure critical 


ath not now 
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handle early 
high BW detections 
loads 














Fault 
restoration 


Faster resolution 
of performance 
bottlenecks 






Pro-active 
Mode of NMS 


























| Enables NT 
security 





| Increased 
area of 








Windows NT Able to add | Able to Adds NT 


Server the NT SMS | monitor | abilities 













Monitoring and server | NTassets, | for asset fault functions 
C : performance software, control and | detection 
ap Belly monitornmng 1} & | manage- 


configur- ment 
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Improves 
network 
design and 
loadouts 


Increases ability 
to tune 
performance of 
network 





Network 
Simulation 















Table 5-3 Recommendation vs NMS Functional Area 
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VI. NEAR TERM TECHNOLOGY IMPLICATIONS AND FUTURE RESEARCH 

This chapter will address a selection of issues that can complicate the NMS decision 
maker’s choices for implementation of solutions. It will also address technological changes and 
challenges. The indicators for industry trends in several key areas stand to radically change the 
way that networks work, and thus must be considered and managed. The chapter will also point 
out future research areas that could be carried on to improve the DoD’s role in managing it’s 
networks. 

A. BANDWIDTH CRUNCH AND QOS ISSUES 

Emerging applications, such as multimedia and full motion video will consume 
increasing amounts of bandwidth compared to text and still graphics. The experience of 
USSOCOM in implementing VTC on the SCAMPI network illustrates the potential for large 
bandwidth requirements. When the applications found at each individual desktop requires 
multimedia for training, or other job functions the network will face increasing demands on its 
resources. 

The key issue that future technology brings 1s not just bandwidth but predictability of 
the service received. As an example, VTC and interactive video are less tolerant than older 
voice channels to the variances and latency found in conventional router based networks. The 
guaranteed QoS necessary to implement this application has been available thus far due to 
bandwidth allocations that do not switch. See Appendix A page 85 for an example of a circuit 
where bandwidth allocation was fixed for VTC utilization and was unable to be easily 
preempted. In a connection-oriented environment this luxury of dedicated circuits free from 


any potential collisions and competition may not be present. The next section on ATM 
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addresses such an environment. 
B. ASYNCHRONOUS TRANSFER MODE (ATM) IMPLEMENTATION 

USSOCOM as well as many other DoD users have plans for the near term addition of 
ATM circuits and connection to external ATM networks [Ref. 6]. ATM’s connection-oriented 
nature demands a different type of network management and metrics determination. The 
implementation of ATM with its own unique metrics requires new tools. The decision will 
have to be made on the implementation of ATM Network management systems and metric 
gathering methodologies. 

ATM 1s the cell-based multiplexing technology specified by the ITU-T and Committee 
T1 for use in integrating data, voice and video communications in Broadband Integrated 
Services Digital Networks (B-ISDNs) and emerging national and global information 
infrastructures. ATM uses cell-multiplexing and switching technology using fixed length 
packets. This network access protocol can operate over fiber-optic circuits with data rates of 
1.5, 45, 100 and 150 Megabits per second (Mbps). [Ref. 29] The changes in NMS for ATM 
require the decision maker to either modify, add to, or replace the existing NMS to 
accommodate ATM. 

Primary differences in the way information is handled in ATM illustrates the 
requirement that the SRC have a NMS that is powerful enough to accomplish the task. The 
information in ATM that requires monitoring includes: cell transfer delay, cell delay vanation, 
errored cells, lost cells and misinserted cells. Impairments that would need monitonng 
include: individual bit errors, error bursts, and loss of frame events. Current monitoring 


methodology at USSOCOM and most DoD networks does not have the inherent ability to detect 
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these malfunctions. In addition the filter and capture speeds required of high speed ATM traffic 
creates the necessity to have dedicated monitoring devices that can monitor and buffer at least 
a million cells. The changing nature of the standards and specifications of ATM requires a 
flexible and upgradable analyzer that can stay current. 

While being different in the transmission methodology, the functions that NMS has to 
perform on the circuits will remain very similar. The important consideration in implementing 
a NMS solution will be the ability to preserve training and fluency in the SRC with the new 
implementation. Functionality and processes that could share the existing NMS system and 
screens would minimize costs. If it is possible to implement an ATM monitoring and 
management system on the existing hardware without significant modification, the cost and 
learning curve time would both be significantly reduced. 

c. SCALABILITY ISSUES 

1. IP Next Version/Version 6 (IPV6) 

The equipments used in most modern networks are based on the IPV4 and will have to 
consider the ramifications of the new IPV6 standard. IPV6 will provide support for (1) 
expanded addressing and routing capabilities, (2) a simplified header format, (3) extension 
headers and options, (4) authentication and privacy, (5) autoconfiguration, (6) simple and 
flexible transition to IPV6, and (7) increased quality of service capabilities. [Ref. 29] 

Most of the new systems architectures proposed for the near term including, Defense 
Message System (DMS) and the Global Broadcast System (GBS) [or Defense Broadcast System 
(DBS)] , include the IPV6's anycast address scheme as an essential part. The ability to have 


vastly improved routing and addressing coupled with multicast capabilities will soon pressure 
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all networks to upgrade to the standard. 

Ze Year 2000 Compliance 

All applications, solutions and devices that might be added need to be Year 2000 
compliant to avoid obsolescence and possible network related failures. This will apply to the 
existing SCAMPI network NMS as well as any improvements. All operating systems, databases 
and even the Basic Input Output System (BIOS) on PC’s will need to be compliant. Institutions 
have conducted testing of this potentially disabling phenomena by testing sections of their 
networks with an artificial setting ahead of all system clocks to 1/1/2000. 

D. WEB BROWSER BASED TECHNOLOGY AND MANAGEMENT 

1. Web Technology 

The advent of the World Wide Web (WWW) and its related standards, has created a 
client server information system on the Intermet (or any compliant network) that uses HyperText 
and multimedia techniques. This has enabled a consistent and simple means of accessing a 
variety of media. The HyperText Transfer Protocol (HTTP) is a protocol used for search and 
retrieval. 

Most of the functionality of network based communications can be accomplished via 
this web browser technology. The management of network objects 1s possible within this mode. 
An early user of Web browsers to interface and demonstrate network management was the 
Stanford Linear Accelerator Center (SLAC). This concept is still being demonstrated online. 
Appendix D provides the connection information under the University section of http addresses. 

2 Web Management - Industry Consortiums 


Several companies have announced plans to pursue this mode of network management 
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through web browser technology.[Ref. 24] One such effort has been labeled Web-Based 
Enterprise Management (WBEM). WBEM 1s a collection of technologies that is designed to 
facilitate management of the enterprise network. These technologies were developed by a 
group of companies and are intended to work independent of vendor, protocol, or management 
standard. Typically, enterprise management has been tied to different protocols for different 
disciplines; for example, SNMP for network management. [Ref. 28] 

Adopting elements of Object Oriented design, WBEM assumes that management 
problems are task-onented and require tools that work together to provide a single management 
methodology. These standards are strongly influenced by advances in Intemet technology, 
which has allowed for a new perspective on management. 

WBEM does not attempt to replace existing management standards such as SNMP. In 
fact WBEM complements this standard by providing an integration point through which data 
from all network sources can be accessed. This makes any management applications 
independent of specific Application Program Interface (APIs) or standards used to instrument 
each managed entity, allowing correlation of data and events from multiple sources on a local 
or enterprise basis. A web-based demonstration of WBEM 1s available in either Active-X or 
JAVA on the web [Ref 28]. 

3. Decentralized NMS Functionality 

The ability to decentralize NMS functionality will allow different approaches to 
network management. For example, a forward deployed SCAMPI node could conceptually be 
able to use browser technology to do equipment, line and performance checkouts. The future 


connectivity requirements of deployed troops may not follow classical military network lines 
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but may instead rely on more commercial connectivity that may not have direct dedicated 
oversight by a NOC such as the SRC. The ability to analyze performance and network 
operation at every level by users may become increasingly necessary as topologies mix and 
switch in the information grid. 

E. JAVA DESIGN CONSIDERATIONS 

Building on the nse of web browser technologies, the JAVA language, and its 
associated Management API base 1s well positioned to assume a dominant role in the future of 
network management and measurement. The ability to be platform independent and to write 
applications that are executable at all levels of technological ability within network devices, 
gives the NMS system of the near future tools and access that were heretofore impossible [Ref. 
22) 

The creation of browser based interfaces that allow the user to view and manipulate the 
attributes of his network have existed since late 1995. The commercial application and 
development of JAVA and web technology is continuing at a rapid pace. As most of the 
network interface is “built in” to the JAVA language the creation of network applications 1s 
now much easier and requires exponentially fewer lines of code. 

The ability to wmite code once and have it be executable on any platform, UNIX 
workstation, PC, Macintosh, or any network device regardless of vendor will allow for 
simplification of network management and metrics collection. The requirements to have “plug- 
ins’ to handle specific vendors product configuration and management functionality will no 
longer exist. What may result from this generic application may be the lack of human interface 


to the physical hardware. Current “plug-ins” create a artist rendition of the network hardware 
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that closely emulates the physical characteristics of the device. 

Table 6-1 illustrates the features of each of the JAVA Management API components. 
[Ref. 22]. The features listed are the ones most relevant to the problems and solutions 
proposed in the thesis. The Management API set allows the creation of viewer interactive 
management tools. The set includes the ability to easily create user interfaces, gauges, and 
other human-computer interfaces. 


JAVA Management API Component 


Admin View Module (AWM) 








An extension of the Abstract Window Toolkit 
(AWT). 

| Used to build graphical tables, charts, and meters 
for visualization. 


Base object interfaces Defines core object types for distributed resources 
and services in a management system. 


Managed container interfaces Allows grouping of managed objects for better 
organization. 

Allows group-oriented approaches for complex 
systems. 






















Core foundation of managed event notification 
Services. 

Can be expanded by developers to include system 
specific devices. 





Managed notification interfaces 










Allows linking of managed object attributes to 
relational databases. 

Allows a transparent link between management 
resources and external databases. 


Managed data interfaces 










Uses the JAVA Security APIs and JAVA RMI to 
add distributed object support to the core 
functionality. 





Managed protocol interfaces 














SNMP interfaces Allows support for legacy SNMP agents. 
Allows interfacing with all compliant devices. 


Applet integration interfaces Allows applet integration to accomplish 
management functionality 


Table 6-1 JAVA Management API Functionality 





op. 


F, OBJECT ORIENTED MANAGEMENT CONSIDERATIONS 

The requirement for reuse and cost savings on software design has prompted the DoD 
to examine the Object Oriented (OO) aspect of software, as in Ada, as well as other areas such 
as design and manufacturing processes. The JAVA language was built from its inception as an 
object onented language. Using JAVA as an example the concepts of oriented design and 
network management will be discussed. The following paragraph is a representation of how 
network objects under a OO framework are classified, ordered and stored. 

Each component in the management environment is referred to as a managed object, 
whose properties, attnbutes, and other information are stored in classes. These classes are 
organized into association and inheritance hierarchies, which are grouped by areas of interest, 
such as networking, applications, and systems. Each area of interest represents a schema, which 
is a subset of the information available about the management environment. 

The pnmary goal and inherent gain in OO design and languages is the ability to handle 
similar network objects with a single software mechanism, regardless of the actual underlying 
hardware. The ability to create definitions, classes, and functions that are truly transparent to 
the network objects that are being managed will represent a true advancement of the art. 

G. FUTURE DATA COLLECTION/ANALYSIS ACTIVITIES 

Future data collection and analysis activities will evolve beyond the realms of packet 
switching infrastructure, towards optimizing service quality by such mechanisms as information 
caching and multicast. These activities and the incumbent management and analysis activities 
will increasingly require visualization based monitoring. 


Graphical User interfaces (GUI’s) changed the look and utilization of most computing 
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tasks. Visualization will bring conceptual understanding to processes that cannot be viewed or 
touched physically by the system operator. Visualization is important in making sense of 
complex problems and is especially critical for developing and maintaining the efficiency of 
logically overlaying architectures, such as caching, multicast, and IPV6 tunnel infrastructures. 
It will be increasingly important as systems change into dynamically shared and allocated 
network structures. Systems that do not make use of, or are not capable of, visualization will 
become increasingly labor intensive and less productive and proactive with time. 
H. FUTURE RESEARCH 

This thesis lays the ground work for follow-on activity either at USSOCOM or any other 
DoD organization needing network management/metricsresearch. It is hoped this initial work 
will be followed up in any of the network management/ metrics issue areas or future network 


application environments. 
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APPENDIX A. USSOCOM TRAFFIC STUDIES 


This appendix consists of traffic studies collected from USSOCOM. 
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Time (Hourly from 11 0000 Nov 1996 through 17 2400 Nov 1996) 
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es LMCMC™té~CK:OOCCS Pee i coe | li i Average | 

2a \Time Voice Data Total _ iota aa jPercent /Percent. Standard 

m/dd/yy |hh:mm:ss| Bandwidth Sandia Sandia Calls | Bandwidth en one 

TTte6) 0:00:06] = = O|_—S-_- 497943! = 497943) 19 64.8%| 65.0%) 103831.8 
11/11/96) 1:00:06) _ 0} 497943! 4979431 «19, 64.8% a 
_ 11/11/96) 2:00:06) =O! 497943) 497943) 19, 84.8% 7: 
11/11/96) 3:00:06, (0 497943) 497943, isis _ 64.8% Average _ ‘Median _ 
11/11/96, 4:00:06) = = 0; 497943) 497943, _i9) 64.8% 497943 

11/11/96] 5:00:06' = 0} 497943) 497943) (19, 648% 
11/11/96, 6:00:06) OL 497943) 497943) 19} 648% — ;} 
~11/11/96| 7:00:06. 0|  497943| 497943) _ — 64.8% 
11/11/96] 8:00: - 497943) 497943 19] 64.8% 
ned 9:00:05) oes 497943) 497943; ss 19 64.8% | 

10: 00: OE _ 0) 497943) 497943) 19 648% o§ 

| — 497943 529943 20 69.0%, | | 

—— ae 529943, 20 69.0%| =| a a 

497943) 19| 64.8%, | 

529943 20 69.0%) a 

-Fiitv96) 15:00:06 0497943) 497043, 19 64.8%) 


riviae|te:00:06| ol astaaat astoaal telex 

| 11/11/96] 17:00:06] iOS 481943) 481943; 18] 62.8% | 
| 11/11/96] 18:00:06 sO], 481943) 481943 18} — 628%| 
| 11/11/96] 19:00:06] iO] 481943) 481943 18| 62.8% | = 
| 11/11/96; 20:00:06] OS 501143] 501143) 19] 5.3%] | 
| 11/11/96] 21:00:06] iO], 501143] 501143, 19] 65.3%) | 
| 11/11/96) 22:00:07; iO] 501143] 501743] 19] 65.3%] 
| 11/11/96] 23:00:07| |= 501143] 501143, 19] 65.3%] 
| 11/12/96] 0:00:06] |S 501143] 507143) 19] 65.3%] | 
| 11/12/96] 1:00:06] |S 507743) 501143; ~~ 19] ~— 65.3%] 
| 11/12/96 2:00:06] OS 501743) 501143, 19] 65.3%] | 
| 11/12/96) _ 3:00:06] — .0| 501143) 501143; 1g] 65.8% ae 
| 11/12/96] 4:00:06] | 501143) 501143] io] 5.38%] | 
vA = | 5:00:06] tO] 801143] 501143) 19) 65.3%] 
| 11/12/96| 6:00:07/ OO], 501143] 501143] 19] 65.3%] 
| 112/96) 2G] nO = 206 SO ee 
| 11/12/96/ 8:00:06) 64000) 846743 910743, 20] 118.6% | 
a a 
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| 11/13/96] 20:00:06] sO] 481943] 481943, 18] 628% 
| 11/13/96] 21:00:06] iO] 481943] 481943; 18) 2.8%| | 
| 11/13/96] 22:00:06] iO] 481943| 481943] 18] 62.8%] | 
| 11/13/96} 23:00:06] O| 481943, 481943, 18] 62.8%] 
| 11/14/96 0:00:06] iO] 481943| 481943} 18] 62.8%] | 
| 11/14/96] 1:00:06] OO] 481943) 481943, 18) 62.8%] | 
| 11/14/96] 2:00:07; |S 481943] 4gi943| 18] 62.8%] | 
| 11/14/96{ 3:00:06] 4819431 481943] 18] 628%] | 
eee 00-071 ____o}__481843|__ 481943 _ 18) 62% 
“as! 0, deseo —toas| te! exe 
T4706 7:00:06] __82000[ _481943| 513943, +16 66.9% 

Bae ce fl ° “98 se * 62.8% 

a a 
| 11/14/96] 10:00:06] 64000] 481943/ —545943/ 20] 71.1% 
| 11/14/96} 11:00:06] 96000|_ 481943) 577943, 21] 75.3%] | 
ee eee ae 
| 11/14/96] 13:00:06] 32000, 481943| 513943] 19] 66.9%| | 
T1496] 14:00:08, 0) -aataaa} —aatoaal tal ea. 
ee 10:00:06 _ 0481043) 8S 
| 11/14/96} 16:00:07; 32000] 481943] 513943, 19] 66.9%] | 
| 11/14/96] 17:00:07] 32000] 481943] 51394319] 66.9%] 
T11aie6|18:00:06| 0 aaiaaa}astoaal 18] eae 
eo 18:00:06| oss ee 
| 11/14/96] 20:00:06] 0) 481943] 481943, 18] 62.8%] 
Trane] aico1:te| of asada —-aatsaal_——18 eo 8x 
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mm/dd/yy] hh:mm:ss pandwiet Bandwidth ae Bandwidth| Bandwidth Deviation 
( plies 22:00: 06} 0} 481943) 481943) 18) 62.8%| | 
11/14/96] 23:00:07, =O , TeaE 481943) 18 62.8% i 
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609943! 22| 79.4% 
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| 11/15/96] 21:00:07| 128000] 481943) 609943) 22] 79.4% | 
| 11/15/96] 22:00:06] 128000] 481943 60994322) 79.4%) | 
| 11/15/96] 23:00:06| 128000) 481943609943) 22/ 79.4%] | 
| 11/16/96] 0:00:06] __128000|__481943/ 609943] 22/ 79.4%] | 
| 11/16/96] 1:00:07| 128000] 481943) 609943) 22) 79.4%) | 
| 11/16/96] 2:00:06] 128000, 481943) 609943) 22) 79.4%) | 
| 11/16/96] __3:00:07| 128000] 481943) 609943) 22|79.4%| it 
| 11/16/96] 4:00:06] 128000] -481943/ 609043, 22) 79.4% | 
~11716/86__5:00:06| __128000|__481943|_e0943|_22|_ 78.44 an 
| 11/16/96] 6:00:07 128000] 481943) 609943, 22] 79.4%] | 
vise) 790.97, 12000, —ast94a) — sogoca|_— aera are 

‘7716/96 


: Ise) 00:08) —r2s000| —asteda| —e0854a) aa) aay 
1716/96) 10:00:06) —i2a000] —astoda! —e09eaa) 22" 7a. 
| 11/16/86) 11:00:06) 128000] —aata4a"eoaeaal 2a" 7aaze. 
11/16/96| 12:00:06 0-061 128000| 481943] —s0084s | ~ 79.4% 

Lia usmape er nig 609943 22! 79.4% 
F anieies| “Hascesb<| "_teseno| 401963] 6000s] ae areas] ee 
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766 |_17:00:06/ 128000] 481943] 60994322] 79.4%] | 

14/1 G6 18:00:06] 128000| 481943] 609943) 22) 79.4%) 
tee 1.0096, 128000, —astass| —soasaa. 79.4%| | 
Tri7i6/86) 20:00:06, of asi9aal as 1943 62.8%| | 
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19! eo ——- 
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11/16/96} 23:00:06, = 0} 481943) 481943) 18 62.8% \ 
tre 2.002 —__0 481943| 481943 18|, 0 62.6 7cu ee 
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| 11/17/96| 2:00:06 | 481943) 481943 18} 62.8% me. 
[—3:00%06 481943} 481943 18 62.8% _—  . 
ee) __ 4:00:07 481943, 481943] 18] 62.8% Te 
Fi7i7106| 5:00:06, of aetoaa_—aeteaal tal 62.8% = a 
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” ae 
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A a ae a 62.8% 

11:00: (06041943, 419431 te 62.8% 

12:00: a I ee 
ee ee 
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Te TOOTS 0 ISOS TO Te 
|_11/17/96|_ 17:00:06, |S 156343) 156343, 7| 20.4% 

11/17/96) 18:00:06] | _156343, 156343 ~—7|~~—i20.a%| —SC|CSSC*” 
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| 11/17/96] 20:00:06] sO] 156343) 156343) 7|_ 20.4% 

| 11/17/96] 21:00:06! |S 156343] 156343) 7] 20.4%) 

| 11/17/96] 22:00:06, iO] *156343| 156343, 7] 0.4% | 
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_ [se76sk a | 
Date |Time _—‘|Voice_ —s—‘|Data” Total Total 
mm/dd/yy [hh:mm:ss | Bandwidth Bandwidth |Bandwidth Calls 
86) 0:00:05} = 0} 856800 856800, 
11/11/96) 1:00:05| __ _0 | 856800 
— 11/11/96) 2:00: 0, 856800) 856800) 
_ 11/11/96! 0} 856800! + 856800) ; 
11/11/96 _ a ol 56 856800, 856800 
11/11/96 _ 0} 856800! — 
“T1/11/96| 6:00:06) oe 856800, 856800. 
11/11/96) __7:00: ue pol. 856800 856800. 
11/11/96} 8:00:06] ———O|_~—S 856800, 856800) 
11/11/96 9:00: = 7 oo 856800; 888800]. 
10:00:06 856800! - 8800 
32000/ 856800! 688800) __ 
oy 856800} 888800 
856800} 856800 
irtiia6| 14:00:08) 0 856800, __ 856800 
“gia 8 15: 51 15:00: 06 0, 856800| 856800. 
ed 16:00: 05| 0 Jy gee 
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| 14/14/96] 20:00:05, OO} 741600] 741600] S| 82.2%] | 
| 14/14/96] 21:00:06] | 741600, 741600] 6] 82.2%] | 
| 11/11/96) 22:00:06 0741600, 741600) | 82.2%] 
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Percent (Percent |Standard 
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10) 37.2% __-38.9%| 102877. 
10, 37.2% 
10, 37.2% i 
10| 37.2% | Average Median 
10| 37.2% 895324) 856800 
10| ; a 
10) oe 
AO) =| ae 
10 
ei i ibe 
10 37.2% ee 
= 38.6% | S| 
38.6% a a 
SH22)t Soe a 
37.2% 
“0 37.2%| | 
| 36.5% q 
i2) 38.796 


6 32.2% 
6 32.2% 


cd Sg seek eae ot 
| 11/12/96| 5:00:06] OO] 741600] 741600] | 82.2%] | 
112/96] 6:00:06] | 741600, 741600| | 82.2%] | 
| 11/12/96] 7:00:06) | 760800/ 760800, 7, 33.0%] | 
| 11/42/96] 8:00:06, O] 1164000) 1164000 9} 50.5%! | 
ee 0 __ ee ee 
| 11/12/96] 10:00:06] 32000|__—-816800| 848800] 36.8%] | 
| 11/12/96| 11:00:06] 640001816800] 880800] = 10] 38.2%] | 
“i1742786) 12:00:06] 0! 616800, 16800 6| ass | 
ee Oe ee ae 
| 11/12/96 14:00:08] 64000]__—886400] 950400) 15] 41.3%] | 
| 11/12/96] 15:00:05] 64000/_— 910400) 974400) 16] 42.3%] 
[yiares|“te:0096| 0] —st0400.—stoaoo)_——ts. oa 
| 11/12/96] 17:00:05; 64000] 910400) 974400] 16) 42.3%) 
1742786) 18:00:08] 0] 908000) s08000|t3) s9.4%«) 
| 11/12/96] 19:00:05] 0] 908000, 908000] 13] 39.4%] | 
11/12/96] 20:00:06] 0] 908000, 908000) 13, 39.4%] | 
ri/12/06 _21:00:05| 0908000] 908000) 13] 39.4%) | 
11/12/96] 22:00:06] Oo] 908000] 908000] 13, 39.4%] | 
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3@768K | Se ee ee 
Voice Data___—s—sTotal ~=—_—siTotal 
mm/dd/yy |hh:mm:ss|Bandwidth |Bandwidth|Bandwidth|Calls | 
ar 208000! __sosoo0, 3, 294% eee 
06) = 0; ~=S_ 908000, + — 908000. I) aac — 
: 0; 908000 908000. 13: 39.4% _ ik 
__.....0' 908000; 908000 13' 39.4%) 
0, 908000 ~—_ 908000, ig! _39.495| : 
0; 908000, __ 908000. 13! -39.4%| | 
0, 908000, 908000 13 «(994% cd) OT 
__ 0 908000) = 908000, 13: 394% 32) 7 
7:00:05, si} 837600| 837600, 8.4%] | 
8:00:06 64000! ~— 840000, = 904000 12 39.2%, | 
11/13/96] 9:00:05 0 840000 840000 _—i10)—- [ma 
11/13/96| 10:00:06 96000 840000 936000) 13) 





11/13/96] 11:00:05 32000} _840000| 872000 _—11;_~—— 37.8%, 


32000; 840000, 872000) _11, ~—37.8% 
0} 840000! _ 840000. 10: 36.5% 

| 11/13/96] 14:00:05 = ~——-0| ~— 840000; —840000) 10, 36.5% 

18 55.3%! 

32000, 856800, 888800) 11) 38.6%) | 
1240800 16, _ _53.9%| | 
| 11/13/96] 18:00:06 iO, ~— 856800) 856800] 10, 37.2%) Ss | 
| 11/13/96] 19:00:05] ——s——siO|_—S 856800] 856800; 10)_— 37.2%] | 
| 11/13/96] 20:00:06; 0} 856800| 856800] 10|_— 7.2%] | 
| 11/13/96] 21:00:05) ———O]_— 856800/ 856800; = 10)_— 37.2%] | 
| 11/13/96} 22:00:05] O|_~— 856800] 856800] 10, 37.2%) | 
| 11/13/96] 23:00:06; OS 856800! 856800; 10)_— 87.2%] | 
| 11/14/96} 0:00:06] iO] 856800] — 856800, 10) 37.2%] | 
| 11/14/96] 1:00:05, |S 856800] 856800, —10|,—S 357.2%, S| 
| 11/14/96} 2:00:06) (|S 856800) 856800 10] 37.2%) | 
| 11/14/96] 3:00:06] ss (O|_—S 856800] 856800] 10, 37.2%) | 
| 11/14/96| 4:00:06] 32000) _~—856800|_—sassdo| 11] 38.6%] | 
| 11/14/96] 5:00:07| |S 856800] 856800; 10) 357.2%) | 
11/14/96} 6:00:05] iO] 856800; — 856800; 10]_—S 37.2%] | 
| 11/14/96} 7:00:05] 32000] —856800] —gassoo| =— tt] = 38.6%] | 
| 11/14/96] 8:00:05; iO} 856800] 856800] 10], 87.2%] | 
| 11/14/96 9:09:27| | 856800| 856800] 10] 87.2%] | 
| 11/14/96| 10:00:05] 32000) 856800| —88asoo,——t] = 38.6%] | 
| 11/14/96| 11:00:06] 160000] 988000] 1148000, = 22] 49.8%] | 
| 11/14/96] 12:00:05| _—64000/ _—-988000| 1052000) 19] 45.7%] | 
| 11/14/96] _13:00:05| __-64000/ 972000] 1036000/ 18] 45.0% | 
sj 41.6% | 
| 11/14/96] 15:00:06| 32000] 892000) 924000] 13] 40.1%, | 
1340000, 20, 58.2%) 
892000; 956000, 14) 41.5%) 
| 11/14/96] 18:00:05| _64000|__—-892000|_ 956000; 14] 41.5%] 
892000, 92400013] 40.1% 

892000) 924000 ie} 40.1%! 
13] 40.1% 
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| FtBraggto MacDillAFB sy ale Pane ‘ sl | 
|3@768K i 







° fam 











Date Time _—Voice —‘[Data__—[Total ~—s|Total _—([Percent 
mm/dd/yy [hh:mm:ss | Bandwidth |Bandwidth|/Bandwidth|Calls __| Bandwidth| Bandwidth | Deviation 






















11/14/96! 22:00:06 32000) 892000|_ 924000, 2 40.1% ae 
_ 11/14/96) 23:00:06| ,924000\gee 13) 40nie er 
11/15/96: 0:00:05! 924000! = 13; 40.1% ai. ¥ 
11/15/96 1:00:06! 888800) 11, 88.6% 

11/15/96' 2:00:05! 856800, 856800; 10) 87.2% | 
11/15/96) soe 0] 856800, 856800] 10|~S 37.2%) A ae 
11/15/96, 4:00:05, === 0, ~— 856800, ~— 856800 ~Ssisisa10)—Ci'i(‘as 87.2% 
11/15/96} 5:00:06; | O 856800 856800 _ 10 37.2%: i. mal . 
7 af 1/15/96! 6:00:38 oe 32000 856800 888800 11 _ 38.6%) ee i — 
_ 11/15/96 | ____£:00:07) _ 32000 - 856800 888800 al 38.6%! | eee Bn 
_ 11/15/96; 8:00:06, == 0|_~—s 856800) — 856800 (10 3727 a 
11/15/96 9:00:05 _ 96000 856800 952800 13 41.4%! oe | 


11/15/96, 10:00:05 0} 1240800! 1240800i 16 53109) 
11/15/96: 11:00:06! 96000 856800 952800 a3 41.4%) 4 : nth) 
11/15/96| 12:00:06 0} 856800}  856800| —=10 37.2%: | 


11/15/96 0 856800 856800 10 37.2%, | 














11/15/96) — 14:00:05 "856800856800, —‘10| 37.2%) 
of 856800] 85680010 37.2% 


38.6%. | a 
| 11/15/96| 17:00:06] 32000856800, 888800] 11] 88.6%) 
| 11/15/96) 18:00:05| 32000| 856800} 888800] 11] 38.6%] | 
| 11/15/96] 19:00:05] 0856800) 856800] 10) 87.2%] | 
11/15/96| 20:00:06 0 856800, 856800] 10] 7.2% | 
11/15/96| 21:00:06 |, 856800] 856800) 10] 87.2%) 
|11/15/96| 22:00:06] 0856800) 856800) 10] 87.2%] | 
| 11/15/96] 23:00:06] | 856800) 856800) 10] 87.2%) | 
11/16/96] 0:00:05] 0856800] 856800) 10) 87.2%] | 
| 11/16/96] 1:00:06] | 856800) 856800] 10] 7.2%) | 
| 11/16/96} 2:00:05] | 856800] 856800] 10] 7.2%) 
| 11/16/96} 3:00:07/_ 0] 856800) 856800) 10) 87.2%] | 
| 11/16/96] 4:00:05; | 856800] 856800] 10] 87.2%] 
| 11/16/96] 5:00:05] | 856800] 856800 10] 37.2%) | 
| 11/16/96] 6:00:06; 0856800] 856800) 10) 7.2%) | 
| 11/16/96) 7:00:06) | 856800] 856800) 10) 87.2%) | 
| 11/16/96) 8:00:06} 0] 856800) 856800, 10) 87.2%) | 
| 11/16/96) 9:00:05] | 856800856800] 10) 87.2%) 
| 11/16/96] 10:00:05) 0856800] 856800] 10] 87.2%!) 
| 11/16/96] 11:00:05] | 856800] 856800, 10] 37.2% 
| 11/16/96) 12:00:06) 0] 856800] 856800/ 10 Bee 
| 11/16/96) 13:00:05) | 856800! 856800, 10) 87.2%) | 
Tito. 120 08, — 0. _ses800, _a58600| _10.__s7 
7 
rirtarse|—te:00:08| ol —ssbaoo| —eseeoo! tot sr 
| 14/16/96) 17:00:05| | 856800] 856800] 10] 37.2%) | 
11/16/96} _ 18:00:06 10] S720 cy ee 











11/16/96! 19:00:05 10/0 e722 a 
20:00:05 _ 856800] 856800] 10) 37.2%) 


fe 


Bandwidth Utilization Report 
NIN4 























|__| Ft Bragg to MacDill AFB _ i 

_s«3@7esK | Average 
ae Time Voice _ | ad Total | Percent Percent Standard. 
ee Se ea ee ee eee ee eee ty erawiain Deviation 
10, 37.2% 




























11/16/96) 22:00:05" 0. 856800856800 10, 37.2%) _— 
11/16/96] 23:00:06 7 856800 a 10| | 37.2% 9 0) 
10, 37.2%) = 

10, 37.2%) = = 
11/17/96} 2:00:05 0} 856800! 856800 10 37.2% 

11/17/96) 3:00:06 0} _856800| 856800) 10, 37.2%! _ 
11/17/96) 4:00:06) —=————*O|_~—S 856800; 856800; 10 37.2% i ~ == 
11/17/96! 5:00:05 0} 856800! 856800) : 37.2% = 
11/17/96} 6:00:05! Of 2886800 37.2% COLO 
11/17/96| 7:00:06 oe ome 37.2% 

11/17/96 _ 8:00:06 a) asss00,—asss00" io 37.2%) 

| 11/17/96|__ 9:00:05, 0] 856800' 856800) 10) 87.2% | 
“iiss seanas| ——o —esseeo.—esss00, 10s. 
| 11/17/96 11:00:05 | 856800856800] 10) 87.2%) 

te 12:00:05) ; Se Se 
1o|___—37.2%| 
| 11/17/96] 14:00:05, 0} 1126400) 11264001 20] 48.9%) | 
20] 48.9% 
717196) 16:00:14" 0 1426400 1126400" 20 48.9%) 

| 11/17/96| 17:00:05, | 1126400] 1126400) 20) 48.9% 


| 14/17/96] 18:00:05} 0} 1126400| 1126400] 20] 48.9%) | 
| 11/17/96| 19:00:05, 0) 1126400| 112640020) 48.9%) | 
1747196) "20:00:08" 0. 1126400) 1126400" 20, 48.9% 
| 14/17/96, 21:00:05, 0, 1126400) 1126400| 20) 48.9%) 
_TT7i06 | 22:00:05| ___0| 1426400) 0 ee 
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N1NQ 
|... |FtBraggtoHurlburtt a eee i 
Poke fall |Average 
Date _—siTime Voice _— [Data _ ccc Total — {enlace | Standard 
mm/dd/yy |hh: mm:ss| Bandwidth |B |Bandwidth| Bandwidth |Calls. _ |Bandwidth Bandwidth| Deviation 
_AVAN96 | 0:00:04) _0| 640800, 640800, 7| _62.6%| 62. 9) _34328.07 
11/11/96; 1:00:04, 0 640800 640800. _7|  _62.6%| 
_11/11/96| 2:00:05) == «OS 640800 §=— 6 40800 7) 962672) ee | a. 
11/11/96; 3:00:05) ce 640800, 640800, 7  62.6%| Average “TMedian 
_11/11/96, 4:00:05, 0} _ 640800. 640800, 2p 640800 
11/11/96) 5:00:05, == 0|,_— 640800 © 640800 ane 
11/11/96) _ Set 0 640800 640800. 7 6%| 9 a | 
11/11/96) 7:00:05) = 0; ~=—640800 = 640800) 7, 62.6% 
11/11/96; 8:00:05) > “oO 640800) _ 640800 7, oe | 
11/11/96 9:00:04 == 0 640800 640800 #####7 626%  j|é$ | | 
11/11/96, 10:00:05 === 0, ~=—s 640800 +=: 640800) (<=és 7 e26%| | | aaa 
11/11/96] 11:00:05) = = =—-0|~—s 640800 ~=s «640800, — iss 62.6%, =| 
11/11/96} 12:00:05 0} 640800, 640800 7 62.6% 
| 11/11/96 13:00:05] 0] 640800, 6 40800 7|_ 62.6%) sid 
0} 640800, 640800 : 62. os ae 
0} 640800 640800 | 626% ae 
| 11/11/96! 16:00:04 0,6 40800) 640800 762.6% 
— 17:00:04! 0} 589600) 589600 4) 57.6% | 
589600) = —— = 
589600| 5696001, —~=«7.6%| | 


1711796) 20:00:08" 0686800, 696800, 8) 68.0% 
11/11/96, 21:00:05) 0] 696800, 696800, 8) 68.0%) | 
irre zz00.0s, 0} —s85800,—eaesoo] | ee. 
11/11/96] 23:00:05, | 696800| 696800] 8) 68.0%) | 
1172/61 _0:00:05|____o'__696800} 696800] é|___ | 
Te OP PE 0. S888 _S86808) B68 0%) —_ 


— 











696800 


Oe oe 
| 11/12/96 5:00:05} (OS 96800] 696800, ss 8} SC 8.0%) | 
| 11/12/96| 6:00:05 sO] 96800] 696800] Ss 8] SC 8.0%] | 
| 17/12/96) 7:00:05} iO] 99200} ~—699200/_ |S 8.3%) 
| 11/12/96] 8:00:05] COS 99200] 699200) BHT 
_11712/96{ 9:08:06] ___0| _ 699200) _ 6 
| 11/12/96} 10:00:05| ——32000|_— 643200] 675200] 8S 5.9%) | 
| 11/12/96] 11:00:05, 96000] 643200 739200111] 72.2%] | 
iris! 12000s, 0} stato! —ssosoo! "71 sa] 
| 11/12/96/_ 13:00:05 iO] 589600) 589600 57.6%| 
| 11/12/96] 14:00:07; 32000|_— 589600 621600) 55] 60.7% 
tities _1er00ro4 S000 889600, 621800, 8 BO 
-itzia6| 16:00:05 fs 8001—s80600| ase 
| 11/12/96] 17:00:05] iO] 589600] 589600 4] 576%] | 
| 11/12/96] 18:00:04; iOS 589600) seg6oo, — (i 576%] | 
11/1 5198 110008 _0.__889600, 89600, 4 __ 87.6% __ 
4 [i (ss 


1 ae ee! 589600 
| 11/12/96, 21:00:04[ | 589600/ 589600 a] 7.6%| | 


| 1iiae6| 22:00:05] | 589600] segeoof 4] 57.6%] | 
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N1NQ 
[Ft Braggto Huriburt 1] r Po = 
a ‘|1024K ee | i Average 
Date iTime lVoice Data Total -|Total | Percent 'Percent Standard 
mm/dd/yy [hh:mm:ss |Bandwidth [Bandwidth|Bandwidth|Calls _ | Bandwidth| Bandwidth | Deviation 
11/12/96, 23:00:05 == ==—-0 ~—«589600| —_ 589600 41 57.6%; | 
7113/96 a “0, 589600, 589600 41 57.6%. 
_11/13/96| 1:00:04 = 0, 589600, _ 589600 4 57.6%: | _ 
11/13/96) 2:00:05, 0} 589600) _ 589600, 4, 57.6% | 
11/13/96] 3:00:05) === 0, 589600; _589600, 4 57.6%) i 
~T1M3/96, 4:00:04, 0.589600) 589600, 4 87.6%. i 
“11/13/86, 5:00:05, 0. ~—~S89600, _ 589600. 4 57.6%. | 
11/13/96, 6:00:05) _—=————0,~—S—«i58 9600) 589600 4 57.6% a 
11/13/96) 7:00:05, O'S 640800 64080007, 62 6% 
11/13/96; 8:00:05, 640800} 640800) _ a 62.6%: : : 
11/13/96] 9:00:04, ———s«0|-~Ss«6 40800 «640800 7 62.6%! | 
11/13/96; 10:00:05) __ | ee 640800. 640800, 7, 62.6%) — 6S “ea 
11/13/96| 11:00:05! _ 32000| ~~ 640800 ++672800| _—ss—si8 65.7%). | > 
11/13/96} 12:00:04 96000, 640800! 736800) 10) = 72.0%, =e Lid 
11/13/96] 13:00:05] = 01 640800} 640800) . ae 62.6%) ll 
11/13/96] 14: 00: = O0| 640800! 640800. 62.6% a | 


11/13/96 45:00:08) 38000, 640800, 6728001 865.7% 
| 11/13/96] 17:00:05) OO] 643200! 643200) 
| 11/13/96| 18:00:05, ——O|—— 640800| 640800 a 
eee ee 
| 11/13/96} 20:00:05, |S 640800) 640800, = 7] 2.6%] 
| 11/13/96] 21:00:05] =| 640800) 640800) —— (Gs 7] SH] | 
| 11/13/96] 22:00:04) iO, 640800] —640800—— 7] 2%] | 
| 11/13/96] 23:00:05} sO! =~ 640800] 640800) 7| 26% | 
| 11/14/96] 0:00:05; |S 640800) 640800, 7, 2% | 
| 11/14/96) 1:00:05 (|S 640800/ 640800, 7| 62.6%) | 
| 11/14/96) 2:00:05 | 640800] 640800 — 7], 62%] TC 
| 11/14/96] 3:00:05] | 640800] 640800, 7] 62.6%] | 
| 11/14/96} 4:00:05 |S 640800] 640800, 7] 2%] | 
| 11/14/96] 5:00:06] | 640800; 640800 7] 2% | 
| 11/14/96] 6:00:04 | 640800| 640800, 7, 2% | 
| 11/14/96) 7:00:04 |= 640800| 6408001 7, 2% | 
ee co 0, 649200) _ 6482008 ee ee 
| 11/14/96| 9:09:21] 64000|_—«643200| 707200; 10) 69.1%] 
/41/44/96| 10:00:05, 32000| _643200| 675200) O5.% 
| 11/14/96] 11:00:05, 64000) 512000] ~—s7eoooj—— i] 86.3%) CTC 
| 11/14/96] 12:00:05, 64000] 512000] _~—s76000, 3, 86.3%) sid 
rtares 13:0005, 0, —sea0o0. —sas000__~2 51.6% a 
oo EO ee ee 62.3% 

TTaie 15:00: OE aoe ee 640000 O25 75), 





11/14/96] 16:00:05 64000! 608000! 672000 8 65.6% a =-] 
11/14/96} 17:00:05  —=—=———-O}_~—«608000) + ~~608000) = =—s 6| —S ‘59.4% 
11/14/96 16:00:05 : 605600] 605600 5] 59.1% 


11/1 nls 19: 00: 04 eee eer: 3) 


59.1%] _——s 
41744786] ~20:00:04| 0 | 608600, 605600 5 
| 11/14/96] 21:00:04] | 605600] 605600] 5] 59.1% 
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Date Time __ 
mm/dd/yy |hh:r 7mm: :-ss|Bandwidth 
































Ft Bragg to Hurlburt 1 | 


iFotal - 






NINQ 


— ee ene —-_-- -- = - - { ——_ 
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Average — 


‘ jit |Percent _ (Percent. _|Standard 
Bandwidth) Bandwidth | Deviation 








a 




















11/14/96) 22:00:05) ae 608000! 608000] | 6) 59.4%, 
11/14/96) 23:00:05, 0} 605600, 605600. 5} _ 59.1%, 
VIAS/96 0:00:04 0} 605600 __ 605600 9, 99.1%, 
11/15/96! 1:00:05 = 0 640800, 640800 = 7 62.6% 
“11/15/96, 2:00:04 0|_—«640800| 640800! 7! 62.6% | 
11/15/96 3:00:05) 0 6408001 640800 7| 62.6% 
—-11/15/96' 4:00:05; O 640800 640800 __ 7i 62.6%: 
11/15/96 _ 5:00:05) 0) 640800, 640800, 7) 62% 
_ 11/15/96! _ 6:00:37) _0' 640800, 640800 7) 62%. 
~11/15/96' 7:00:06) = 0 640800, 640800 ###7| 62.6% 
11/15/96 8:00: 05) 0} «643200, ~~ ~643200) Ss 8 62.8% 
11/15/96 9:00:04) _ 64000} 643200) 707200) 10 69.1% a i 
11/15/96} 10:00:05 = 0;  643200| 643200, Ss 8B 62.8%, ie I 
11/15/96} 11:00:05] 0| 643200] 643200; _— 8 628%: |e 
11/15/96, 12:00:05. 64000|  643200| 707200|  —«: 10 69.1% ! 


11/15/96) 13:00:05 32000/  643200/ 675200) ~=—9 650%, 


11/15/96} 14:00:04 32000 643200 675200 
aT5/96), "15;,00705 32000 643200 675200 


11/15/96} 16:00:04! 0. 643200 


11/15/96; 17:00:06 0 643200 


9; 65.9% = 

Qj: 6S, ene 
643200 si —e2ies), 
643200 8] 62.8% | 





11/15/96| 18: :00:04 ae 640800} 640800 / 62.6% | 
62. of 


-aiaispeet 21-00:08| ol —eaes001 40001 | _eo.enct 
11/18/96, 22:00:05, | 640800, 640800, 762.6%) 
ise, 23.00.08) 0 —etoeco, —ex0s00. 7 62.6% 

11/1 ace 0: ae 05 0} 640800/ 640800; 7 62.6%} 

11/1 oe E 00: 05 o| 640800! 640800) 62.6% 


CO a a 
tiaeeme, S06 _e_0| 840800, | ee ee 
| 11/16/96) 4:00:04] | 640800, 640800 7] 62.6%] | 
| 11/16/96] 5:00:04) | 640800] 40800] 7] 62.6%) | 

1716/96 [6:00:05/ _—o|__640800/ 640800] 7|—2.6%| 
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APPENDIX B. NETWORK MANAGEMENT DEFINITIONS 


There are many sub-definitions for some of the following terms. The author has attempted to 
use the most relevant definition to the subject matter in the thesis. 


Agent 


Software running on a network device or computer system which collects and makes available 
MIB variables 


Application Program Interface (API) 

A term for the interface by which an application program gains access to an NMS (or other 
software service), usually defined at the source code level. An example is the JAVA 
Management API (MAPI). 

Abstract Syntax Notation One (ASN.1) 

The OSI language for describing abstract entities by using macros that build on simpler entities. 
The primary advantage of this syntax is that it is not dependent upon the underlying hardware. 
Asynchronous Transfer Mode (ATM) 

A high speed connection onented switching and multiplexing technology that uses 53 byte cells 
(5 byte header, 48 byte payload) to transmit different types of traffic simultaneously, including 
voice, video and data. It is asynchronous in that information streams can be sent independently 
without a common clock. 

Autodiscovery 

The process of automatically locating objects on the network. Some autodiscovery algorithms 
also determine and save the network topology. Usually access is limited to “community 
strings” which only allow operation within a named network section. 


Binary 8 Zero Substitution (B8ZS) 


A technique that accommodates the ones-density requirement of digital public transmission 
facilities, without inducing bit errors. 
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Bandwidth 


The amount of traffic capacity the transmission media can support at one time. Applications 
are increasingly requiring more and more bandwidth. 


Client/Server 

An architecture for network services in which a central processor (the server) runs programs 
that provide file storage, database management and access to shared resources, while a number 
of remote users run “client” software designed to access and share these resources. In network 
management terms, the server would service clients within a sphere of responsibility with those 
management tasks and functions relevant to its operation. 


Common Management Information Protocol (CMIP) 


Common Management Information Protocol, an application level protocol, specified by OSI, 
for network management. 


Customer Network Management (CNM) 

Customer Network Management, this provides (business) customers with access to management 
information in the public network management system. This management information relates 
to services provided to the customer by the service provider. 


Dynamic Host Configuration Protocol (DHCP) 


Dynamic Host Configuration Protocol. Used to dynamically assign IP addresses. 


Element Management System (EMS) 

An EMS manages a specific portion of the network. For example with a SunNet Manager, an 
SNMP management application, is used to manage SNMP manageable elements. Element 
Managers may manage async lines, multiplexers, PABX's, proprietary systems or an 
application. 


Fault Management 


Fault management is the detection of a problem, fault isolation and correction to normal 
operation. 
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Integrated Services Digital Network (ISDN) 

- A switched digital transmission service provided by a local telco's switching office. Uses same 
copper as analog service so is practical for home, small office, school applications. Available 
in BRI (2 64Kb data channels | signaling channel) or PRI (23 bearer(data/voice) channels 1 
signaling channel) 

Internet Protocol (IP) 


A layer 3 protocol, part of the TCP/IP protocol suite that governs packet forwarding between 
LAN’s or LAN segments. 


Jabber 

A blanket term for a device that is behaving improperly in terms of electrical signaling on a 
network. In ethernet this is Very Bad, because ethernet uses electrical signal levels to determine 
whether the network is available for transmission. A jabbering device can cause the entire 
network to halt because all other devices think it is busy. Without protocol and application 
monitoring this problem may not be detected. 

Local Area Network (LAN) 

A data-communications system that operates within a building or “campus”. This meaning has 
been somewhat diluted due to extensions of LAN range. A LAN can serve a base and still be 
referred to as a LAN rather than a WAN. 

Managed Objects 


Managed Objects are the devices, systems and/or anything else, e.g., protocols or applications 
requiring some form of monitoring and management. 


Management Information Base (MIB) 


The objects that are available in a managed system. The information is represented in Abstract 
Syntax Notation 1 (ASN.1) 


MIB Browser 
A software tool that can be used to display arbitrary MIB variables obtained from an SNMP 


agent, allowing the user to browse through all the information provided about the device or 
service supported by the agent. | 
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Open Systems Foundation (OSF) 

A foundation created by nine computer vendors to promote Open Computing. It is planned that 
common operating systems and interfaces, based on developments in Unix, the X Windows 
System, etc. will be forthcoming for a wide range of different hardware architectures. 

Open Systems Interconnection (OSI) 

A top-level model of network architecture that specified seven functional layers. (Applications 
using modem programming often bypasses these artificial layers and lets high level applications 
perform functions that were reserved for lower level functionality. ) 

Request For Comment (RFC) 

The realization that standards in the computer industry change very quickly has resulted in a 
defacto publishing of RFC’s to allow computer industry providers the ability to try and shape 
a moving target of standardization by publishing and commenting on the proposed rules. 
Usually obsolete by the time the RFC 1s widely read and initially adhered to by the group. 
Simple Network Management Protocol (SNMP) 

An application layer protocol that allows remote management of networked devices. A defacto 
standard for setting and monitoring network configuration parameters. Currently the version 
is SNMPv2 and work is proceeding on a subsequent improvement. 


TRAP 


A trap is an unsolicited (device initiated) message. The contents of the message might be 
simply informational, but it is mostly used to report real-time alarm information. 


Virtual Private Network (VPN) 


The use of a public network such as the Intemet in place of private lines to transport internal 
corporate data such as intranet documents, groupware communications and email. 


Wide Area Network (WAN) 


A public or private communications system serving geographically separate areas. 
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APPENDIX D. HYPER-TEXT LINKS TO NMS/METRIC SITES 


One of the fundamental aspects of HTTP links is that they are dynamic. Their 
addresses, content and appearances change as often as they are updated. Any researcher, 
network engineer using them should recognize the necessity to monitor changes and updates. 
This collection while current at the time of wniting will change. Not all of these are easily 
found in search engines on the web and represent many cross searches and browsing hours. It 
is hoped that this “starting point” will save valuable time for network engineers and 


administrators. The sites are divided into military, industry and university groups. 


A. MILITARY: 


AETC NMS Server. 

The USAF Air Education Training Command Base Network Control Center Information 
Services 

http://www.aetc.af.mil/AETC-NetM gmt/nms-mainmenu.html 


B. INDUSTRY: 


Network Management Server (NMS) 

This server functions as the archive base for Network Management Systems. It is a good 
Starting point for research. 

http://netman.cit.buffalo.edu/index.html 


Network Management Forum 

The Network Management Forum exists to promote the worldwide acceptance and 
implementation of a service-based approach to network and systems management that crosses 
the boundaries of the telecommunications and computing industries. 

http://www/nmf.org/ 


Management Information (European - Micromuse). 


A good European Network Management resource 
http://www.micromuse.com/netman/ 
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cc: UNIVERSITIES: 


University of Braunschweig (Germany) 
http://tu-bs.de/ibr/projects/nm/welcome.html 


University of Delft (Netherlands) 
http://dnpap.et.tudelft.nl/DNPAP/dnpap.html 


University of Kansas NTS Network Management Homepage 

Features real time network utilization statistics, subnet tables, and router arp tables for many 
of the educational institutions in Kansas. 

http:// www.uks.edu/NMS/initial.html 


Ohio State University 

This site in addition to giving links to the Ohio State NMS gives a FAQ on SNMP that is good 
for network engineers. 
http://www.cis.ohio-state.edi/htpertext/faq/usenet/snmp-faq/part1/faq.html 


Stanford Linear Accelerator Center (SLAC) at Stanford 
SLAC Network Management Team 
http://Awww.slac.stanford.edu/comp/net/quick-guide.html 


University of Twente (Netherlands) 
Publishes The Simple Web, e-zine with focus on Internet management 
http://snmp.cs.utwente.nl/ 


Yale 


Distributed Management System (DMS) 
http://pantheon.cis.yale.edu/~Kmyles/AS-dms.html 
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